Information Communication Device and Program Execution Environment Control Method
First Claim
1. An information processing device comprising:
a plurality of processors, said plurality of processors including a processor constituting a first domain and a processor constituting a second domain which is different from the first domain;
wherein the second domain includes a processor having at least one processing that is lower in a trust level than processing executed by the processor belonging to the first domain;
inter-processor communication means that controls communication between the processor in the first domain and the processor in the second domain; and
access control means that limits access, made by the processor belonging to the second domain, to a memory and/or an input/output device belonging to the first domain according to a trust level of processing executed by the processor belonging to the second domain.
Abstract
A device and a method are provided for increasing processing speed and for ensuring system security when an application or a driver is added. The device includes a first CPU group 10A that executes software 20A composed of basic processing 22 and an OS 21A; a second CPU group 10B that executes software 20B composed of additional processing 23 and OS 21B corresponding to the additional processing; inter-processor communication means 40 and 402 used for communication between the first CPU 10A and the second CPU 10B; and access control means 30 that controls access made by the second CPU 10B to a memory 50 and/or an input/output device 60.
61 Claims
1. An information processing device comprising:
a plurality of processors, said plurality of processors including a processor constituting a first domain and a processor constituting a second domain which is different from the first domain;
wherein the second domain includes a processor having at least one processing that is lower in a trust level than processing executed by the processor belonging to the first domain;
inter-processor communication means that controls communication between the processor in the first domain and the processor in the second domain; and
access control means that limits access, made by the processor belonging to the second domain, to a memory and/or an input/output device belonging to the first domain according to a trust level of processing executed by the processor belonging to the second domain.
6. An information processing device comprising:
at least one processor (referred to as “first class processor”) that executes predetermined first class processing;
at least one processor (referred to as “second class processor”) that executes second class processing that is different from the first class processing;
a memory and an input/output device;
inter-processor communication means that controls communication between said first class processor and said second class processor; and
access control means that limits access, made by said second class processor, to said memory and/or said input/output device according to a trust level of the second class processing.
41. A program execution control method comprising:
sending data or a command between processors via inter-processor communication means, said processors being divided into a plurality of domains according to a trust level of a program to be executed, said processors belonging to different domains; and
limiting access, made by a processor belonging to a domain, where at least one program whose trust level is lower than a predetermined trust level is executed, to a memory and/or an input/output device belonging to a domain, where a program whose trust level is equal to or higher than the predetermined trust level is executed, according to the trust level of the domain where at least one program whose trust level is lower than the predetermined trust level is executed.
42. A program execution environment control method for use in an information processing system, said information processing system comprising:
a basic domain that includes;
a basic software environment;
an external device and/or a file system; and
an operating system, said basic domain further comprising a security policy database that stores security information on downloaded data and native code download management means that controls a download of native-code downloaded data; and
a trusted extension domain which includes;
native-code download execution means that controls an execution of a native-code downloaded program; and
an operating system;
wherein, in said trusted extension domain, a downloaded application program (referred to as “trusted application program”), which is determined as trusted by the native code download management means in the basic domain, is executed; and
a downloaded device driver (referred to as “trusted driver”), which is determined as trusted by the native code download management means in the basic domain, is installed in said operating system and a permitted external device prepared in advance is accessed by said trusted driver to execute trusted additional processing, said program execution environment control method comprising;
communicating, by a processor in the basic domain and a processor in the trusted extension domain, with each other via inter-processor communication means; and
limiting access, made by the processor belonging to the trusted extension domain, to a memory and/or an input/output device in the basic domain by means of access control means.
43. A program execution environment control method for use in an information processing system, said information processing system comprising:
a basic domain that comprises;
a basic software environment;
an external device and/or a file system;
an operating system;
a security policy database that stores security information on downloaded data; and
native code download management means that controls a download of native-code downloaded data;
a trusted extension domain that includes;
native-code download execution means that controls an execution of a native-code downloaded program; and
an operating system;
wherein, in said trusted extension domain, a downloaded application program (referred to as “trusted application program”), which is determined as trusted by said native code download management means in the basic domain, is executed; and
a downloaded device driver (referred to as “trusted driver”), which is determined as trusted by the native code download management means in the basic domain, is installed in said operating system and a permitted external device prepared in advance is accessed by said trusted driver to execute trusted additional processing, and an untrusted extension domain that includes;
native-code download execution means that controls an execution of a native-code downloaded program; and
an operating system;
wherein, in said untrusted extension domain, a downloaded application program (referred to as “untrusted application program”), which is determined as untrusted by said native code download management means in the basic domain, is executed; and
a downloaded device driver (referred to as “untrusted driver”), which is determined as untrusted by said native code download management means in the basic domain, is installed in said operating system and a permitted external device prepared in advance is accessed by said device driver to execute untrusted additional processing, said program execution environment control method comprising;
communicating, by a processor in the basic domain, a processor in the trusted extension domain, and a processor in the untrusted extension domain, with each other via inter-processor communication means;
limiting access, made by the processor belonging to the trusted extension domain, to a memory and/or an input/output device in the basic domain by means of first access control means; and
limiting access, made by the processor belonging to the untrusted extension domain, to the memory and/or the input/output device in the basic domain by means of second access control means.
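As an added illustration (not code from the patent or its assignee), the following Python model shows the arrangement of claims 1, 41 and 43: processors grouped into domains by trust level, inter-processor communication as the only cross-domain channel, and access control means that limit what a lower-trust domain may touch in the basic domain. The domain names, the resource names and the policy table are constructed assumptions; the patent leaves the concrete policy to the implementer.

```python
from dataclasses import dataclass
from enum import IntEnum


class Trust(IntEnum):
    """Trust level of the code a domain's processors execute (constructed ordering)."""
    UNTRUSTED_EXT = 0   # untrusted extension domain: downloads not determined trusted
    TRUSTED_EXT = 1     # trusted extension domain: downloads determined trusted
    BASIC = 2           # basic domain: basic software environment, policy database


# Assumed domain layout; the patent names the domains but not these identifiers.
DOMAIN_TRUST = {
    "basic": Trust.BASIC,
    "trusted_ext": Trust.TRUSTED_EXT,
    "untrusted_ext": Trust.UNTRUSTED_EXT,
}


@dataclass(frozen=True)
class Resource:
    kind: str    # "memory" or "io"
    name: str    # constructed resource name
    owner: str   # domain to which the memory region or I/O device belongs


# Access control means: per requesting trust level, which basic-domain resources are
# reachable. Hypothetical policy table (first/second access control means of claim 43).
POLICY = {
    Trust.TRUSTED_EXT: {("memory", "shared_buf"), ("io", "permitted_dev")},
    Trust.UNTRUSTED_EXT: {("memory", "shared_buf")},
}


def access_allowed(requester: str, res: Resource) -> bool:
    """Decide whether a processor in `requester` may access `res`."""
    req_trust = DOMAIN_TRUST[requester]
    if req_trust >= DOMAIN_TRUST[res.owner]:
        return True  # equal or higher trust is not limited by the access control means
    return (res.kind, res.name) in POLICY[req_trust]


def ipc_request(src: str, dst: str, op: str, res: Resource, audit: list) -> bool:
    """Inter-processor communication means: the only path between domains.

    Every cross-domain request is checked and recorded before it is served, so
    denied attempts from an extension domain are visible to the basic domain."""
    if src == dst:
        raise ValueError("inter-processor communication is for cross-domain traffic")
    ok = access_allowed(src, res)
    audit.append(f"{src}->{dst} {op} {res.kind}:{res.name} {'ALLOW' if ok else 'DENY'}")
    return ok
```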
58. A program execution environment control information processing device, comprising:
a basic software environment;
an external device and/or a file system;
an operating system, a security policy database that stores security information on downloaded data; and
native code download management means that controls a download of native-code downloaded data;
wherein said native code download management means checks a trust level of a downloaded program based on a certificate of the downloaded program and, based on a result of the checking, determines whether or not a request may be issued to one or more domains, defined by a trust level of the program to be executed, or a content of the request.
59. A portable information terminal comprising a plurality of processors;
said plurality of processors including a processor constituting a first domain and a processor constituting a second domain different from the first domain;
wherein the second domain includes a processor having at least one processing that is lower in a trust level than processing executed by the processor belonging to the first domain;
inter-processor communication means that controls communication between the processor in the first domain and the processor in the second domain; and
access control means that limits access, made by the processor belonging to the second domain, to a memory and/or an input/output device belonging to the first domain according to a trust level of processing executed in the second domain.
60. An information communication device comprising a plurality of processors;
wherein said plurality of processors constitute a plurality of domains according to a trust level of processing to be executed; and
the processors in different domains communicate with each other via inter-processor communication means, said information communication device further comprising access control means that controls access which is made by a processor belonging to a domain where relatively lower security processing is executed to a memory and/or an input/output device belonging to a domain where relatively higher security processing is executed.
61. An information communication device comprising:
at least one processor (referred to as “first class processor”) that executes predetermined first class processing;
at least one processor (referred to as “second class processor”) that executes predetermined second class processing that is different from the first class processing;
a memory and an input/output device;
inter-processor communication means that controls communication between said first class processor and said second class processor; and
access control means that controls access, made by said second class processor, to said memory and/or said input/output device.