Abstract:
A method to allow programs running within the application space of a device with a secure processor and a trusted computing base to flexibly use certificates that describe the required system state. An information processing device including a PSC database (1112), a Component and PSC Map (1202), and OS support (1200).
Abstract:
A method to allow a device to boot in a secure fashion, even though some of the components within the secure device's firmware may not be present, not correctly authorized, or not correctly operating.
Abstract:
A device (110) according to an implementation of the present invention, having a plurality of virtual machines (1002, 1003, 1004, and 1005), includes virtualization software (1001) which manages the virtual machines. The virtualization software includes an application VM creating unit (1300) which creates a virtual machine for executing a program. A first virtual machine (1002) determines whether a first program is to be executed on the first virtual machine or to be executed on a virtual machine other than the first virtual machine. When the first virtual machine determines that the first program is to be executed on the other virtual machine, the application VM creating unit creates a second virtual machine for executing the first program.
Abstract:
PROBLEM TO BE SOLVED: To provide a flexible setting method for a shared counter by sharing a counter with a tree structure between a plurality of security modules while suppressing the amount of secure memory usage. SOLUTION: The shared counter is achieved by making a node with a tree structure of a first counter group and a node with a tree structure of a second counter group shared between the first counter group with a tree structure managed by a first secure module and the second counter group with a tree structure managed by a second secure module. A sharing method by a tree structure flexibly makes an addition, elimination and access restriction setting of a module that uses the shared counter. COPYRIGHT: (C)2009,JPO&INPIT
Abstract:
PROBLEM TO BE SOLVED: To prevent illegal action such as replacing information terminal software with a group of old modules if software is composed of a group of modules provided by more than one provider. SOLUTION: An information terminal includes: a first information processing section configured by executing a group of information processing modules of a first provider; a second information processing section configured by executing a group of information processing modules of a second provider; and a security module. The security module includes: a cumulating section for calculating a summarized cumulative value of a software module and storing the value in a register; a counter for holding a counter value indicating the version of the software module; and a configuration authentication section for authenticating the configuration of the software module. The first information processing section verifies configuration authentication data generated by the configuration authentication section and controls the activation of a software module in the group of information processing modules of the second provider. COPYRIGHT: (C)2009,JPO&INPIT
Abstract:
PROBLEM TO BE SOLVED: To provide a computing technology capable of securely correcting one rule element of complicated authentication rules in a reliable environment. SOLUTION: A security LSI with tamper resistance includes a nonvolatile memory, a volatile memory, a monotone counter region, a configuration register storing storage information related to a platform status, and an encryption section. The security LSI also includes an object rule correction ticket issue part that corrects a rule included in an object received from the outside. Only when the received object includes the same encryption hash as a stored encryption hash, the ticket issue part is activated. Therefore, a rule correction is performed by a method for which origin of the correction can be sufficiently checked.
Abstract:
PROBLEM TO BE SOLVED: To update certificates without making a customized set of updated certificates for each machine even if the machine has optional components. SOLUTION: The server 118 makes a set of updated certificates including all candidate pieces of software which can be activated in the device. A mobile device 110 receives the set from the server 118, and searches for the updated certificates corresponding to pieces of software which are being activated in the device 110. COPYRIGHT: (C)2010,JPO&INPIT