Information Communication Device and Program Execution Environment Control Method

US 20080005794A1
Filed: 08/15/2005
Published: 01/03/2008
Est. Priority Date: 08/25/2004
Status: Active Grant

First Claim

Patent Images

1. An information processing device comprising:

a plurality of processors, said plurality of processors including a processor constituting a first domain and a processor constituting a second domain which is different from the first domain;

wherein the second domain includes a processor having at least one processing that is lower in a trust level than processing executed by the processor belonging to the first domain;

inter-processor communication means that controls communication between the processor in the first domain and the processor in the second domain; and

access control means that limits access, made by the processor belonging to the second domain, to a memory and/or an input/output device belonging to the first domain according to a trust level of processing executed by the processor belonging to the second domain.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A device and a method are provided for increasing processing speed and for ensuring system security when an application or a driver is added. The device includes a first CPU group 10A that executes software 20A composed of basic processing 22 and an OS 21A; a second CPU group 10B that executes software 20B composed of additional processing 23 and OS 21B corresponding to the additional processing, inter-processor communication means 40, and 402 used for communication between the first CPU 10A and the second CPU 10B, and access control means 30 that controls access made by the second CPU 10B to a memory 50 and/or an input/output device 60.

Citations

61 Claims

1. An information processing device comprising:
- a plurality of processors, said plurality of processors including a processor constituting a first domain and a processor constituting a second domain which is different from the first domain;
  
  wherein the second domain includes a processor having at least one processing that is lower in a trust level than processing executed by the processor belonging to the first domain;
  
  inter-processor communication means that controls communication between the processor in the first domain and the processor in the second domain; and
  
  access control means that limits access, made by the processor belonging to the second domain, to a memory and/or an input/output device belonging to the first domain according to a trust level of processing executed by the processor belonging to the second domain.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The information processing device as defined in claim 1, wherein said access control means comprises:
    - means that stores access permission data; and
      
      access permission means that monitors access from the processor belonging to the second domain to the memory and/or the input/output device, references the access permission data, and determines whether or not the access can be permitted.
  - 3. The information processing device as defined in claim 2, wherein said access control means further comprises access permission data update means that updates the access permission data.
  - 4. The information processing device as defined in claim 2, wherein said access control means further comprises access monitoring means that acquires access information on access by the processor belonging to the second domain and learning means that stores the access information.
  - 5. The information processing device as defined in claim 1, wherein said inter-processor communication means comprises an interrupt control information processing device that receives an interrupt request from a processor on a sending side of information and issues an interrupt to a processor on a receiving side of the information.

6. An information processing device comprising:
- at least one processor (referred to as “
  
  first class processor”
  
  ) that executes predetermined first class processing;
  
  at least one processor (referred to as “
  
  second class processor”
  
  ) that executes second class processing that is different from the first class processing;
  
  a memory and an input/output device;
  
  inter-processor communication means that controls communication between said first class processor and said second class processor; and
  
  access control means that limits access, made by said second class processor, to said memory and/or said input/output device according to a trust level of the second class processing.
- View Dependent Claims (7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40)
- - 7. The information processing device as defined in claim 6, wherein said information processing device comprises a plurality of said first class processors and a plurality of said second class processors.
  - 8. The information processing device as defined in claim 6, wherein said second class processor executes at least one processing whose trust level is lower than that of the first class processing executed by said first class processor.
  - 9. The information processing device as defined in claim 6, wherein the first class processing includes vendor-provided basic processing;
    - and the second class processing includes additional processing downloaded from a network or a storage medium.
  - 10. The information processing device as defined in claim 6, wherein the second class processing includes a device driver and/or an application program to be executed in said second class processor.
  - 11. The information processing device as defined in claim 6, wherein said inter-processor communication means comprises:
    - inter-processor communication means that performs inter-processor communication for passing information from said first class processor side to said second class processor; and
      
      inter-processor communication means that performs inter-processor communication for passing information from said second class processor side to said first class processor.
  - 12. The information processing device as defined in claim 6, wherein said inter-processor communication means comprises an interrupt control information processing device that receives an interrupt request from a processor on a sending side of information and issues an interrupt to a processor on a receiving side of the information.
  - 13. The information processing device as defined in claim 6, wherein said inter-processor communication means comprises an interrupt control information processing device and a shared memory, corresponding to an interrupt target processor;
    - wherein said interrupt control information processing device comprises;
      
      an interrupt indication unit that accepts an interrupt request from an interrupt-requesting processor and issues an interrupt request to the interrupt target processor;
      
      an interrupt holding unit that holds the interrupt request accepted by said interrupt indication unit; and
      
      an interrupt cancellation unit that cancels the interrupt in response to an interrupt processing completion notification from the interrupt target processor; and
      
      wherein said shared memory comprises;
      
      a communication area that stores data transferred from the interrupt-requesting processor to the interrupt target processor; and
      
      an exclusion control area which is for performing exclusion control for said communication area.
  - 14. The information processing device as defined in claim 6, wherein said access control means comprises:
    - means that stores access permission data; and
      
      access permission means that monitors access from the second class processor to the memory and/or the input/output device, references the access permission data, and determines whether the access can be permitted.
  - 15. The information processing device as defined in claim 14, wherein said means that stores access permission data stores, for each processor of the second class processors that is permitted access, an address range for which access is permitted and information on access types permitted for the address range.
  - 16. The information processing device as defined in claim 14, wherein said means that stores access permission data stores, for each processor of the second class processors that is not permitted access, an address range for which access is not permitted and information on access types not permitted for the address range.
  - 17. The information processing device as defined in claim 14, wherein the access permission data is allowed to be read and written by said first class processor;
    - the access permission data is allowed only to be read by said access permission means; and
      
      the access permission data is allowed neither to be read nor written by said second class processor.
  - 18. The information processing device as defined in claim 14, wherein said access control means comprises a cache memory that stores a correspondence between information on access addresses of said second class processor and information on access permission.
  - 19. The information processing device as defined in claim 14, wherein said access control means further comprises access permission data update means that updates the access permission data.
  - 20. The information processing device as defined in claim 6, further comprising:
    - at least one processor (referred to as “
      
      third class processor”
      
      ) that executes predetermined third class processing;
      
      inter-processor communication means that performs communication between said second class processor and said third class processor; and
      
      second access control means that limits access made by said third class processor to the memory and/or the input/output device, connected to said first class processor, according to a trust level of the third class processing.
  - 21. The information processing device as defined in claim 6, further comprising:
    - at least one processor (referred to as “
      
      third class processor”
      
      ) that executes predetermined third class processing; and
      
      inter-processor communication means that performs communication between said second class processor and said third class processor;
      
      wherein each of said first to third class processors comprises a memory and an input/output device connected via a bus, access made by said second class processor to the memory and/or the input/output device, connected to said first class processor, is limited by said access control means according to a trust level of the second class processing; and
      
      access made by said third class processor to the memory and/or the input/output information processing device connected to said first class processor, and/or to the memory and/or the input/output device connected to the second class processor, is limited by second access control means according to a trust level of the third class processing.
  - 22. The information processing device as defined in claim 20, wherein said third class processor executes at least one processing whose trust level is lower than that of the second class processing executed by said second class processor.
  - 23. An information processing device comprising a plurality of the information processing devices as defined in claim 6, wherein each of said information processing devices is configured in a different chip.
  - 24. An information processing device as defined in claim 23, further comprising access limitation means, configured between the chips, for limiting a permission of access to a memory and/or input/output device according to a trust level of processing belonging to said information processing devices configured in the chips.
  - 25. The information processing device as defined in claim 6, comprising:
    - a basic domain that includes;
      
      a basic software environment;
      
      an external device and/or a file system;
      
      an operating system;
      
      a security policy database that stores security information on downloaded data; and
      
      native code download management means that controls a download of native-code downloaded data; and
      
      a trusted extension domain that includes;
      
      native-code download execution means that controls an execution of a native-code downloaded program; and
      
      an operating system;
      
      wherein a downloaded application program (referred to as “
      
      trusted application program”
      
      ), which is determined as trusted by the native code download management means in the basic domain, is executed; and
      
      a downloaded device driver (referred to as “
      
      trusted driver”
      
      ), which is determined as trusted by the native code download management means in the basic domain, is installed in said operating system and a permitted external device prepared in advance is accessed by said trusted driver to execute trusted additional processing; and
      
      wherein said basic domain is implemented in said first class processor; and
      
      said trusted extension domain is implemented in said second class processor.
  - 26. The information processing device as defined in claim 20, comprising:
    - a basic domain that includes;
      
      a basic software environment;
      
      an external device and/or a file system;
      
      an operating system;
      
      a security policy database that stores security information on downloaded data; and
      
      native code download management means that controls a download of native-code downloaded data, a trusted extension domain that includes;
      
      native-code download execution means that controls an execution of a native-code downloaded program; and
      
      an operating system, wherein, in said trusted extension domain, a downloaded application program (referred to as “
      
      trusted application program”
      
      ), which is determined as trusted by said native code download management means in the basic domain, is executed; and
      
      a downloaded device driver (referred to as “
      
      trusted driver”
      
      ), which is determined as trusted by the native code download management means in the basic domain, is installed in said operating system and a permitted external device prepared in advance is accessed by said trusted driver to execute trusted additional processing, and an untrusted extension domain that includes;
      
      native-code download execution means that controls an execution of a native-code downloaded program; and
      
      an operating system;
      
      wherein, in said untrusted extension domain, a downloaded application program (referred to as “
      
      untrusted application program”
      
      ), which is determined as untrusted by said native code download management means in the basic domain, is executed; and
      
      a downloaded device driver (referred to as “
      
      untrusted driver”
      
      ), which is determined as untrusted by said native code download management means in the basic domain, is installed in said operating system and a permitted external device prepared in advance is accessed by said device driver to execute untrusted additional processing and wherein said basic domain is implemented in said first class processor;
      
      said trusted extension domain is implemented in said second class processor; and
      
      said untrusted extension domain is implemented in said third class processor.
  - 27. The information processing device as defined in claim 26, wherein, when downloaded data is input from said external device in the basic domain, said native code download management means in said basic domain checks a certificate of the downloaded data and, if a result of the checking indicates that the certificate is valid, the downloaded data is sent to said native-code download execution means in said trusted extension domain and if the result of the checking indicates that there is no certificate or a content of the certificate is invalid, the downloaded data is sent to said native-code download execution means in said untrusted extension domain.
  - 28. The information processing device as defined in claim 25, wherein, when downloaded data is input from said external device in the basic domain and if said basic function recognizes the downloaded data as a downloaded application program, said native code download management means in the basic domain checks a certificate of the downloaded application program and, if a result of the checking indicates that the certificate is valid, the downloaded application program is sent to said native code download execution means in the trusted extension domain.
  - 29. The information processing device as defined in claim 25, wherein, when downloaded data is input from said external device in the basic domain and if said basic function recognizes the downloaded data as a downloaded driver, said native code download management means in the basic domain checks a certificate of the downloaded driver and, if a result of the checking indicates that the certificate is valid, the downloaded driver is sent to said native code download execution means in the trusted extension domain;
    - and said native code download execution means in the trusted extension domain installs the downloaded driver into the operating system in the trusted extension domain.
  - 30. The information processing device as defined in claim 26, wherein, when downloaded data is input from said external device in the basic domain and if said basic function recognizes the downloaded data as a downloaded application program, said native code download management means in the basic domain checks a certificate of the downloaded application program and, if a result of the checking indicates that there is no certificate or a content of the certificate is invalid, the application program is sent to said native code download execution means in the untrusted extension domain via said native code download execution means in the trusted extension domain.
  - 31. The information processing device as defined in claim 26, wherein, when downloaded data is input from said external device in the basic domain and if said basic function recognizes the downloaded data as a downloaded driver, said native code download management means in the basic domain checks a certificate of the downloaded driver and, if a result of the checking indicates that there is no certificate or a content of the certificate is invalid, the downloaded driver is sent to said native code download execution means in the untrusted extension domain via said native code download execution means in the trusted extension domain;
    - and said native code download execution means in the untrusted extension domain installs the downloaded driver in the operating system in the untrusted extension domain.
  - 32. The information processing device as defined in claim 25, wherein said trusted extension domain further comprises a basic function library that includes a processing group, which issues a request to a basic function in the basic software environment in the basic domain, as a library;
    - said basic function library in the trusted extension domain sends a request to said native code download management means in the basic domain in response to a request from the application program downloaded in the trusted extension domain; and
      
      said native code download management means in the basic domain checks if the request received from the trusted extension domain is valid and, if the request is valid, requests said basic function in the basic software environment to process the request.
  - 33. The information communication information processing device as defined in claim 32, wherein said basic function in the basic domain processes the request and notifies a completion of the processing to said native code download management means in the basic domain;
    - said native code download management means in the basic domain notifies the completion to the basic function library in the trusted extension domain; and
      
      the completion of the processing is notified from said basic function library to said application program.
  - 34. The information processing device as defined in claim 26, wherein said trusted extension domain further comprises a basic function library that includes a processing group, which issues a request to a basic function in the basic software environment in the basic domain, as a library;
    - data is sent from the application program, downloaded in the untrusted extension domain, to the application program in the trusted extension domain;
      
      the application program in the trusted extension domain issues a request, which includes the data received from the application program downloaded in the untrusted extension domain, to said basic function library;
      
      said basic function library sends the request to said native code download management means in the basic domain in response to the request from the application program in the trusted extension domain;
      
      said native code download management means in the basic domain checks if the received request is valid and, if the request is valid, requests a user to confirm the request and if a confirmation result indicates permission, requests the basic function in the basic software environment to process the request; and
      
      if the confirmation result of the user indicates no permission, said native code download management means in the basic domain notifies no permission to said basic function library.
  - 35. The information processing device as defined in claim 34, wherein said basic function processes the request and notifies a completion of the processing to said native code download management means in the basic domain, said native code download management means in the basic domain notifies the completion to the basic function library in the trusted extension domain, the completion of the processing is notified from said basic function library to the downloaded application program, and said downloaded application program notifies the completion of the processing to the downloaded application program in the untrusted extension domain.
  - 36. The information processing device as defined in claim 25, wherein each of said basic domain and said trusted extension domain further comprises a virtual machine monitor, which maps virtual devices to real hardware devices, to virtualize the file system, the device, and the CPU.
  - 37. The information communication information processing device as defined in claim 26, wherein each of said basic domain, said trusted extension domain, and said untrusted extension domain further comprises a virtual machine monitor, which maps virtual devices to real hardware devices, to virtualize the file system, the device, and the CPU.
  - 38. The information processing device as defined in claim 36, wherein the virtual machine monitor in the basic domain requests the virtual machine monitor in the trusted extension domain or the untrusted extension domain to transfer CPU resources;
    - the virtual machine monitor in the trusted extension domain or the untrusted extension domain notifies a transferable CPU to the virtual machine monitor in the basic domain; and
      
      the virtual machine monitor in the basic domain increases virtual CPU resources in the basic domain.
  - 39. The information processing device as defined in claim 25, wherein each group of processors in the domain can be separated into multiple processors by means of separation means.
  - 40. The information processing device as defined in claim 25, wherein the processor in the basic domain manages the processors in other domains.

41. A program execution control method comprising:
- sending data or a command between processors via inter-processor communication means, said processors being divided into a plurality of domains according to a trust level of a program to be executed, said processors belonging to different domains; and
  
  limiting access, made by a processor belonging to a domain, where at least one program whose trust level is lower than a predetermined trust level is executed, to a memory and/or an input/output device belonging to a domain, where a program whose trust level is equal to or higher than the predetermined trust level is executed, according to the trust level of the domain where at least one program whose trust level is lower than the predetermined trust level is executed.

42. A program execution environment control method for use in an information processing system, said information processing system comprising:
- a basic domain that includes;
  
  a basic software environment;
  
  an external device and/or a file system; and
  
  an operating system, said basic domain further comprising a security policy database that stores security information on downloaded data and native code download management means that controls a download of native-code downloaded data; and
  
  a trusted extension domain which includes;
  
  native-code download execution means that controls an execution of a native-code downloaded program; and
  
  an operating system;
  
  wherein, in said trusted extension domain, a downloaded application program (referred to as “
  
  trusted application program”
  
  ), which is determined as trusted by the native code download management means in the basic domain, is executed; and
  
  a downloaded device driver (referred to as “
  
  trusted driver”
  
  ), which is determined as trusted by the native code download management means in the basic domain, is installed in said operating system and a permitted external device prepared in advance is accessed by said trusted driver to execute trusted additional processing, said program execution environment control method comprising;
  
  communicating, by a processor in the basic domain and a processor in the trusted extension domain, with each other via inter-processor communication means; and
  
  limiting access, made by the processor belonging to the trusted extension domain, to a memory and/or an input/output device in the basic domain by means of access control means.
- View Dependent Claims (44, 45, 46, 47, 50, 51, 54, 56)
- - 44. The program execution environment control method as defined in claim 42, further comprising:
    - checking a certificate of the downloaded data by said native code download management means in said basic domain, when downloaded data is input from said external device in the basic domain; and
      
      sending the downloaded data to said native-code download execution means in said trusted extension domain, if a result of the checking indicates that the certificate is valid.
  - 45. The program execution environment control method as defined in claim 42, further comprising:
    - checking a certificate of the downloaded data by said native code download management means in said basic domain, when downloaded data is input from said external device in the basic domain;
      
      sending the downloaded data to said native-code download execution means in said trusted extension domain, if a result of the checking indicates that the certificate is valid; and
      
      sending the downloaded data to said native-code download execution means in said untrusted extension domain, if the result of the checking indicates that there is no certificate or a content of the certificate is invalid.
  - 46. The program execution environment control method as defined in claim 42, further comprising:
    - checking a certificate of the downloaded application program by said native code download management means in the basic domain, when downloaded data is input from said external device in the basic domain and if said basic function recognizes the downloaded data as a downloaded application program; and
      
      sending the downloaded application program to said native code download execution means in the trusted extension domain, if a result of the checking indicates that the certificate is valid.
  - 47. The program execution environment control method as defined in claim 42, further comprising:
    - checking a certificate of the downloaded driver by said native code download management means, when downloaded data is input from said external device in the basic domain and if said basic function recognizes the downloaded data as a downloaded driver;
      
      sending the downloaded driver to said native code download execution means in the trusted extension domain, if a result of the checking indicates that the certificate is valid; and
      
      installing the downloaded driver into the operating system in the trusted extension domain by said native code download execution means in the trusted extension domain.
  - 50. The program execution environment control method as defined in claim 42, wherein said trusted extension domain further comprises a basic function library that includes a processing group, which issues a request to a basic function in the basic software environment in the basic domain, as a library, said program execution environment control method further comprising:
    - sending a request to said native code download management means in the basic domain by said basic function library in response to a request from the application program downloaded in the trusted extension domain; and
      
      checking by said native code download management means in the basic domain if the request received from the trusted extension domain is valid and, if the request is valid, requesting said basic function in the basic software environment to process the request.
  - 51. The program execution environment control method as defined in claim 50, further comprising:
    - processing the request and notifying a completion of the processing to said native code download management means in the basic domain by said basic function in the basic domain; and
      
      notifying, by said native code download management means in the basic domain, the completion to the basic function library in the trusted extension domain and notifying the completion of the processing from said basic function library to said application program.
  - 54. The program execution environment control method as defined in claim 42, wherein each of said basic domain and said trusted extension domain further comprises a virtual machine monitor, which maps virtual devices to real hardware devices, to virtualize the file system, the device, and the CPU.
  - 56. The program execution environment control method as defined in claim 54, further comprising:
    - requesting, by the virtual machine monitor in the basic domain, the virtual machine monitor in the trusted extension domain to transfer CPU resources; and
      
      notifying, by the virtual machine monitor in the trusted extension domain, a transferable CPU to the virtual machine monitor in the basic domain, whereby the virtual machine monitor in the basic domain increases virtual CPU resources in the basic domain.

43. A program execution environment control method for use in an information processing system, said information processing system comprising:
- a basic domain that comprises;
  
  a basic software environment;
  
  an external device and/or a file system;
  
  an operating system;
  
  a security policy database that stores security information on downloaded data; and
  
  native code download management means that controls a download of native-code downloaded data;
  
  a trusted extension domain that includes;
  
  native-code download execution means that controls an execution of a native-code downloaded program; and
  
  an operating system;
  
  wherein, in said trusted extension domain, a downloaded application program (referred to as “
  
  trusted application program”
  
  ), which is determined as trusted by said native code download management means in the basic domain, is executed; and
  
  a downloaded device driver (referred to as “
  
  trusted driver”
  
  ), which is determined as trusted by the native code download management means in the basic domain, is installed in said operating system and a permitted external device prepared in advance is accessed by said trusted driver to execute trusted additional processing, and an untrusted extension domain that includes;
  
  native-code download execution means that controls an execution of a native-code downloaded program; and
  
  an operating system;
  
  wherein, in said untrusted extension domain, a downloaded application program (referred to as “
  
  untrusted application program”
  
  ), which is determined as untrusted by said native code download management means in the basic domain, is executed; and
  
  a downloaded device driver (referred to as “
  
  untrusted driver”
  
  ), which is determined as untrusted by said native code download management means in the basic domain, is installed in said operating system and a permitted external device prepared in advance is accessed by said device driver to execute untrusted additional processing, said program execution environment control method comprising;
  
  communicating, by a processor in the basic domain, a processor in the trusted extension domain, and a processor in the untrusted extension domain, with each other via inter-processor communication means;
  
  limiting access, made by the processor belonging to the trusted extension domain, to a memory and/or an input/output device in the basic domain by means of first access control means; and
  
  limiting access, made by the processor belonging to the untrusted extension domain, to the memory and/or the input/output device in the basic domain by means of second access control means.
- View Dependent Claims (48, 49, 52, 53, 55, 57)
- - 48. The program execution environment control method as defined in claim 43, further comprising:
    - checking a certificate of the downloaded application program by said native code download management means in the basic domain, when downloaded data is input from said external device in the basic domain and if said basic function recognizes the downloaded data as a downloaded application program; and
      
      sending the downloaded application program to said native code download execution means in the untrusted extension domain via said native code download execution means in the trusted extension domain, if a result of the checking indicates that there is no certificate or a content of the certificate is invalid.
  - 49. The program execution environment control method as defined in claim 43, further comprising:
    - checking a certificate of the downloaded driver by said native code download management means in the basic domain, when downloaded data is input from said external device in the basic domain and if said basic function recognizes the downloaded data as a downloaded driver;
      
      sending the downloaded driver to said native code download execution means in the untrusted extension domain via said native code download execution means in the trusted extension domain, if a result of the checking indicates that there is no certificate or a content of the certificate is invalid; and
      
      installing the downloaded driver into the operating system in the untrusted extension domain by said native code download execution means in the untrusted extension domain.
  - 52. The program execution environment control method as defined in claim 43, wherein said trusted extension domain further comprises a basic function library that includes a processing group, which issues a request to a basic function in the basic software environment in the basic domain, as a library, said program execution environment control method further comprising:
    - sending data from the application program, downloaded in the untrusted extension domain, to the application program in the trusted extension domain;
      
      issuing, by the application program in the trusted extension domain, a request, which includes the data received from the downloaded application program in the untrusted extension domain, to said basic function library;
      
      sending, by said basic function library, the request to said native code download management means in the basic domain in response to the request from the application program in the trusted extension domain;
      
      checking, by said native code download management means in the basic domain, if the received request is valid;
      
      requesting the basic function in the basic software environment to process the request, if the request is valid as a result of the checking, requesting a user to confirm the request and, if a confirmation result indicates permission; and
      
      notifying no permission to said basic function library by said native code download management means, if the confirmation result of the user indicates no permission.
  - 53. The program execution environment control method as defined in claim 52, further comprising:
    - processing the request and notifying a completion of the processing to said native code download management means in the basic domain by said basic function;
      
      notifying, by said native code download management means in the basic domain, the completion to the basic function library in the trusted extension domain;
      
      notifying the completion of the processing from said basic function library to the downloaded application program; and
      
      notifying, by said downloaded application program, the completion of the processing to the downloaded application program in the untrusted extension domain.
  - 55. The program execution environment control method as defined in claim 43, wherein each of said basic domain, said trusted extension domain, and said untrusted extension domain further comprises a virtual machine monitor, which maps virtual devices to real hardware devices, to virtualize the file system, the device, and the CPU.
  - 57. The program execution environment control method as defined in claim 55, further comprising:
    - requesting, by the virtual machine monitor in the basic domain, the virtual machine monitor in the trusted extension domain and/of the untrusted extension domain to transfer CPU resources; and
      
      notifying, by the virtual machine monitor in the trusted extension domain and/or the untrusted extension domain, a transferable CPU to the virtual machine monitor in the basic domain, whereby the virtual machine monitor in the basic domain increases virtual CPU resources in the basic domain.

58. A program execution environment control information processing device, comprising:
- a basic software environment;
  
  an external device and/or a file system;
  
  an operating system, a security policy database that stores security information on downloaded data; and
  
  native code download management means that controls a download of native-code downloaded data;
  
  wherein said native code download management means checks a trust level of a downloaded program based on a certificate of the downloaded program and, based on a result of the checking, determines whether or not a request may be issued to one or more domains, defined by a trust level of the program to be executed, or a content of the request.

59. A portable information terminal comprising a plurality of processors;
- said plurality of processors including a processor constituting a first domain and a processor constituting a second domain different from the first domain;
  
  wherein the second domain includes a processor having at least one processing that is lower in a trust level than processing executed by the processor belonging to the first domain, inter-processor communication means that controls communication between the processor in the first domain and the processor in the second domain; and
  
  access control means that limits access, made by the processor belonging to the second domain, to a memory and/or an input/output device belonging to the first domain according to a trust level of processing executed in the second domain.

60. An information communication device comprising a plurality of processors;
- wherein said plurality of processors constitute a plurality of domains according to a trust level of processing to be executed; and
  
  the processors in different domains communicate with each other via inter-processor communication means, said information communication device further comprising access control means that controls access which is made by a processor belonging to a domain where relatively lower security processing is executed to a memory and/or an input/output device belonging to a domain where relatively higher security processing is executed.

61. An information communication device comprising:
- at least one processor (referred to as “
  
  first class processor”
  
  ) that executes predetermined first class processing;
  
  at least one processor (referred to as “
  
  second class processor”
  
  ) that executes predetermined second class processing that is different from the first class processing;
  
  a memory and an input/output device;
  
  inter-processor communication means that controls communication between said first class processor and said second class processor; and
  
  access control means that controls access, made by said second class processor, to said memory and/or said input/output device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
NEC Corporation
Original Assignee
NEC Corporation
Inventors
Sakai, Junji, Inoue, Hiroaki, Abe, Tsuyoshi, Edahiro, Masato

Granted Patent

US 8,640,194 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/22
CPC Class Codes

G06F 21/52 during program execution, e...

G06F 21/56 Computer malware detection ...

Information Communication Device and Program Execution Environment Control Method

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

61 Claims

Specification

Solutions

Use Cases

Quick Links

Information Communication Device and Program Execution Environment Control Method

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

61 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links