Information processing apparatus with security module
First Claim
1. An information processing apparatus being adapted to communicate with a tamper-proof device, and comprising a TPM, a key management module for managing a key database, a memory, and a file processing module for encrypting and decrypting a file, wherein said TPM stores a first TPM key therein and encrypts a third TPM key;
- said key management module stores and manages the third TPM key in said database;
when said information processing apparatus starts communicating with said tamper-proof device, said key management module receives, from said TPM, a parameter for generating a second TPM key, provides the received parameter to said tamper-proof device, receives from said tamper-proof device the second TPM key which has been encrypted using the first TPM key, and provides said TPM with the second TPM key and with the third TPM key which has been encrypted using the second TPM key;
when the second TPM key contains password check information, said TPM receives from said tamper-proof device a password associated with the password check information, and verifies the received password using the password check information;
when it is verified that the password is correct, said TPM decrypts the second TPM key using the first TPM key, decrypts the third TPM key using the decrypted second TPM key, and decrypts, using the decrypted third TPM key, an encrypted encryption key for decrypting the file; and
said file processing module decrypts the file using the decrypted encryption key.
1 Assignment
0 Petitions
Accused Products
Abstract
An information processing apparatus includes a TPM, a key management module for managing a key database, a memory, and a file processing module for encrypting and decrypting a file. The TPM stores a first TPM key therein and encrypts a third TPM key. The key management module stores and manages the third TPM key in the database. When the information processing apparatus starts communicating with the tamper-proof device, the key management module receives, from the TPM, a parameter for generating a second TPM key, provides the received parameter to the tamper-proof device, receives from the tamper-proof device the second TPM key which has been encrypted using the first TPM key, and provides the TPM with the second TPM key and with the third TPM key which has been encrypted using the second TPM key. When the second TPM key contains password check information, the TPM receives from the tamper-proof device a password associated with the password check information, and verifies the received password using the password check information. When it is verified that the password is correct, the TPM decrypts the second TPM key using the first TPM key, decrypts the third TPM key using the decrypted second TPM key, and decrypts, using the decrypted third TPM key, an encrypted encryption key for decrypting the file. The file processing module decrypts the file using the decrypted encryption key.
79 Citations
12 Claims
-
1. An information processing apparatus being adapted to communicate with a tamper-proof device, and comprising a TPM, a key management module for managing a key database, a memory, and a file processing module for encrypting and decrypting a file, wherein
said TPM stores a first TPM key therein and encrypts a third TPM key; -
said key management module stores and manages the third TPM key in said database;
when said information processing apparatus starts communicating with said tamper-proof device, said key management module receives, from said TPM, a parameter for generating a second TPM key, provides the received parameter to said tamper-proof device, receives from said tamper-proof device the second TPM key which has been encrypted using the first TPM key, and provides said TPM with the second TPM key and with the third TPM key which has been encrypted using the second TPM key;
when the second TPM key contains password check information, said TPM receives from said tamper-proof device a password associated with the password check information, and verifies the received password using the password check information;
when it is verified that the password is correct, said TPM decrypts the second TPM key using the first TPM key, decrypts the third TPM key using the decrypted second TPM key, and decrypts, using the decrypted third TPM key, an encrypted encryption key for decrypting the file; and
said file processing module decrypts the file using the decrypted encryption key. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. An information processing device comprising a connector for communicating with a separate information processing apparatus, a module for generating a TPM key, and a memory, wherein
said memory stores therein an encryption key, a decryption key, at least one password, and a public key of an external TPM key; - and
said generating module generates, in accordance with the password, information to be used for verifying the password, and encrypts the decryption key using the public key of the external TPM key, to thereby generate a TPM key which contains the encrypted decryption key and the information to be used for verifying the password, and said generating module is adapted to provide the generated TPM key to said separate information processing apparatus. - View Dependent Claims (8, 9, 10)
- and
-
11. In an information processing apparatus comprising a TPM, a processor and a memory and being adapted to communicate with a tamper-proof device, a method for password authentication and decrypting a TPM key, said method comprising:
-
storing a first TPM key in said TPM, and causing said TPM to encrypt a third TPM key;
storing and managing the third TPM key in said database;
receiving from said TPM a parameter for generating a second TPM key when said information processing apparatus starts communicating with said tamper-proof device, and providing the received parameter to said tamper-proof device, to receive from said tamper-proof device the second TPM key which has been encrypted using the first TPM key;
providing said TPM with the second TPM key and with the third TPM key which has been encrypted using the second TPM key;
receiving a password from said tamper-proof device, and causing said TPM to verify the received password using the password check information of the received second TPM key;
causing, when it is verified that the password is correct, said TPM to decrypt the third TPM key using the decrypted second TPM key, decrypt the second TPM key using the first TPM key, and decrypt, using the decrypted third TPM key, an encrypted encryption key for decrypting a file; and
decrypting the file using the decrypted encryption key.
-
-
12. In an information processing device comprising a processor, a memory and a connector for communicating with a separate information processing apparatus, said memory storing an encryption key, a decryption key, at least one password, and a public key of an external TPM key, a method comprising:
-
generating, in accordance with the password, information to be used for verifying the password;
encrypting the decryption key using the public key of the external TPM key;
generating a TPM key which contains the encrypted decryption key and the information to be used for verifying the password; and
providing the generated TPM key to said separate information processing apparatus.
-
Specification
-
- Resources
-
Current AssigneeFujitsu Limited
-
Original AssigneeFujitsu Limited
-
InventorsYasaki, Kouichi, Yamada, Isamu, Shibata, Seiki
-
Granted Patent
-
Time in Patent OfficeDays
-
Field of Search
-
US Class Current713/183
-
CPC Class CodesH04L 9/0822 using key encryption keyH04L 9/083 involving central third par...H04L 9/0891 Revocation or update of sec...H04L 9/0897 involving additional device...
