Confidential Information Processing Device

US 20080010686A1
Filed: 11/07/2005
Published: 01/10/2008
Est. Priority Date: 11/11/2004
Status: Abandoned Application

First Claim

Patent Images

1. A secret information processing apparatus for controlling accesses to resources therein from external apparatuses, the secret information processing apparatus comprising:

a level storage unit storing access control levels that are assigned to the resources and are used as a standard in judging whether or not to permit an access to any of the resources from any of the external apparatuses;

a program storage unit storing an update target program;

a receiving unit operable to receive, from one of the external apparatuses, a request to update the update target program;

an update unit operable to perform an update process for updating the update target program if the receiving unit receives the request;

an access control unit operable to determine whether or not to permit accesses to the resources from the external apparatus, in accordance with the access control levels corresponding to the resources; and

a level changing unit operable to change, during the update process performed by the update unit, access control levels of resources, which are to be accessed by the update unit during the update process and whose access control levels indicate that accesses from the external apparatus are permitted, to levels indicating that accesses from the external apparatus are not permitted.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A secret information processing apparatus including: a control unit 102 storing access control levels assigned to resources in the apparatus and used as a standard in judging whether to permit an access to any resource from any external apparatus; a secret information storage unit 105 storing an update target program; and an internal CPU 103 that performs an update process for updating the update target program if an update request is received. The control unit 102 determines whether to permit accesses to the resources from the external apparatus, in accordance with the access control levels. The internal CPU 103 changes, during the update process, access control levels of resources, which are to be accessed by the update unit during the update process and whose access control levels indicate that accesses are permitted, to levels indicating that accesses are not permitted.

Citations

29 Claims

1. A secret information processing apparatus for controlling accesses to resources therein from external apparatuses, the secret information processing apparatus comprising:
- a level storage unit storing access control levels that are assigned to the resources and are used as a standard in judging whether or not to permit an access to any of the resources from any of the external apparatuses;
  
  a program storage unit storing an update target program;
  
  a receiving unit operable to receive, from one of the external apparatuses, a request to update the update target program;
  
  an update unit operable to perform an update process for updating the update target program if the receiving unit receives the request;
  
  an access control unit operable to determine whether or not to permit accesses to the resources from the external apparatus, in accordance with the access control levels corresponding to the resources; and
  
  a level changing unit operable to change, during the update process performed by the update unit, access control levels of resources, which are to be accessed by the update unit during the update process and whose access control levels indicate that accesses from the external apparatus are permitted, to levels indicating that accesses from the external apparatus are not permitted.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26)
- - 2. The secret information processing apparatus of claim 1, wherein the level changing unit returns the access control levels that were changed during the update process, to the access control levels before the change, after the update process.
  - 3. The secret information processing apparatus of claim 1, wherein each access control level is represented by a rank, the secret information processing apparatus further comprising a level receiving unit operable to receive an access control level assigned to the external apparatus, from the external apparatus, if a rank indicated by the received access control level is equal to or higher than a rank indicated by an access control level of a resource, the access control unit permits the external apparatus to access the resource, and if the rank indicated by the received access control level is lower than the rank indicated by the access control level of the resource, the access control unit does not permit the external apparatus to access the resource.
  - 4. The secret information processing apparatus of claim 3, wherein the receiving unit is one of the resources, and receives the update request only if the access control unit permits the external apparatus to access the receiving unit.
  - 5. The secret information processing apparatus of claim 3 further comprising an upper limit value storage unit storing an upper limit value of the ranks, and if the rank indicated by the received access control level of the external apparatus is higher than the upper limit value, the access control unit does not permit the external apparatus to access any of the resources.
  - 6. The secret information processing apparatus of claim 1 further comprising an authentication unit operable to perform an authentication of the external apparatus, and if the authentication unit does not confirm an authenticity of the external apparatus through the authentication, the access control unit does not permit the external apparatus to access any of the resources.
  - 7. The secret information processing apparatus of claim 1 further comprising a decryption unit operable to receive, from the external apparatus, an encrypted update program for the update target program, and decrypt the received encrypted update program to generate an update program, the decryption unit includes a data output sub-unit that is one of the resources that may be changed by the level changing unit, and is operable to output the update program generated by the decryption unit, and the update unit performs the update process by accessing the data output sub-unit to receive the update program, and storing the received update program in the program storage unit.
  - 8. The secret information processing apparatus of claim 7, wherein the program storage unit includes a program storage sub-unit and a save sub-unit, the program storage sub-unit stores the update target program and a context of the update target program, the update unit includes:
    - a take-over judging unit operable to judge whether or not the update program should take over the context of the update target program;
      
      a save unit operable to save the context of the update target program into the save sub-unit if the take-over judging unit judges that the update program should take over the context; and
      
      a hash value calculating unit operable to calculate a hash value of the update target program, wherein the decryption unit further receives an encrypted hash value that is generated by encrypting the hash value of the update target program, decrypts the received encrypted hash value, and outputs a hash value generated by decrypting the encrypted hash value, to the data output sub-unit, and the update unit receives the hash value, generated by the decryption unit, of the update target program from the data output sub-unit, and stores the update program and the context of the update target program in the program storage sub-unit only if the received hash value matches the calculated hash value.
  - 9. The secret information processing apparatus of claim 8, wherein the decryption unit further receives, from the external apparatus, an encrypted hash value that is generated by encrypting a hash value of the update program, decrypts the received encrypted hash value, and outputs a hash value generated by decrypting the encrypted hash value, to the data output sub-unit, the hash value calculating unit further calculates a hash value of the update program if a hash value of the received update target program matches the calculated hash value of the update target program, and the update unit receives the hash value, generated by the decryption unit, of the update program from the data output sub-unit, and stores the update program and the context of the update target program in the program storage sub-unit only if the received hash value of the update program matches the calculated hash value of the update program.
  - 10. The secret information processing apparatus of claim 8, wherein the update unit further deletes the context of the update target program from the save sub-unit if the received hash value of the update target program does not match the calculated hash value of the update target program.
  - 11. The secret information processing apparatus of claim 10, wherein the update unit further deletes the update program from the program storage unit if the received hash value of the update program does not match the calculated hash value of the update program.
  - 12. The secret information processing apparatus of claim 7, wherein the program storage unit includes a program storage sub-unit and a save sub-unit, the program storage sub-unit stores the update target program and a context of the update target program, the save sub-unit stores a multiple generation hash value that is calculated based on hash values of each of a plurality of updated programs having been updated starting from an initial program up to the update target program, the update unit includes:
    - a take-over judging unit operable to judge whether or not the update program should take over the context of the update target program; and
      
      a save unit operable to save the context of the update target program into the save sub-unit if the take-over judging unit judges that the update program should take over the context, wherein the decryption unit further receives, from the external apparatus, an encrypted hash value that is generated by encrypting a multiple generation hash value, decrypts the received encrypted hash value, and outputs a multiple generation hash value generated by decrypting the encrypted hash value, to the data output sub-unit, and the update unit receives, from the data output sub-unit, the multiple generation hash value generated by the decryption unit, and stores the update program and the context of the update target program in the program storage sub-unit only if the received multiple generation hash value matches the multiple generation hash value stored in the save sub-unit.
  - 13. The secret information processing apparatus of claim 12, wherein the decryption unit further receives an encrypted hash value that is generated by encrypting a hash value of the update program, decrypts the received encrypted hash value, and outputs a hash value generated by decrypting the encrypted hash value, to the data output sub-unit, and the update unit further calculates a hash value of the update program by performing a hash calculation on the update. program if the received multiple generation hash value matches the multiple generation hash value stored in the save sub-unit, receives the hash value, generated by the decryption unit, of the update program from the data output sub-unit, and stores the update program and the context of the update target program in the program storage sub-unit only if the received hash value of the update program matches the calculated hash value of the update program.
  - 14. The secret information processing apparatus of claim 13, wherein the update unit further concatenates the multiple generation hash value stored in the save sub-unit with the calculated hash value of the update program to generate a concatenated value, calculates a multiple generation hash value by performing the hash calculation on the concatenated value, and replaces the multiple generation hash value stored in the save sub-unit with the calculated multiple generation hash value.
  - 15. The secret information processing apparatus of claim 12, wherein the update unit further deletes the context of the update target program from the save sub-unit if the received multiple generation hash value does not match the multiple generation hash value stored in the save sub-unit.
  - 16. The secret information processing apparatus of claim 15, wherein the update unit further deletes the update program from the program storage unit if the received hash value of the update program does not match the calculated hash value of the update program.
  - 17. The secret information processing apparatus of claim 7, wherein the program storage unit further stores a context of the update target program, the update unit includes:
    - a take-over judging unit operable to judge whether or not the update program should take over the context of the update target program;
      
      an output judging unit operable to judge whether or not to output the context if the take-over judging unit judges that the update program should not take over the context; and
      
      a hash value calculating unit operable to calculate a hash value of the update target program if the output judging unit judges to output the context, the secret information processing apparatus further comprising an encryption unit operable to encrypt the calculated hash value and the context, wherein the update unit concatenates the encrypted hash value with the encrypted context to generate a concatenated encrypted hash value and context and outputs the concatenated encrypted hash value and context to outside the secret information processing apparatus.
  - 18. The secret information processing apparatus of claim 7, wherein the program storage unit includes a program storage sub-unit and a save sub-unit, the program storage sub-unit stores the update target program and a context of the update target program, the update unit includes:
    - a take-over judging unit operable to judge whether or not the update program should take over the context of the update target program;
      
      a save judging unit operable to judge whether or not to save the context of the update target program into the save sub-unit if the take-over judging unit judges that the update program should to take over the context;
      
      a hash value calculating unit operable to calculate a hash value of the update target program if the save judging unit judges to save the context; and
      
      a save unit operable to concatenate the hash value with the context to generate a concatenated hash value and context and saves the concatenated hash value and context into the save sub-unit.
  - 19. The secret information processing apparatus of claim 7, wherein the decryption unit further receives, from the external apparatus, an encrypted hash value of the update program and an encrypted context of the update program, and decrypts the received encrypted hash value and context to generate a hash value and a context, the update unit includes:
    - a hash value calculating unit operable to calculate a hash value of-the update program; and
      
      a hash value judging unit operable to judge whether or not the calculated hash value of the update program matches the hash value of the update program generated by the decryption unit, wherein the update unit stores the context generated by the decryption unit into the program storage unit as the context of the update program if the hash value judging unit judges that the calculated hash value matches the hash value generated by the decryption unit, and deletes the update program from the program storage unit if the hash value judging unit judges that the calculated hash value does not match the hash value generated by the decryption unit.
  - 20. The secret information processing apparatus of claim 7, wherein the program storage unit includes a program storage sub-unit and a save sub-unit, the program storage sub-unit stores the update program, the save sub-unit stores a plurality of pieces of concatenated data each of which is generated by concatenating a context of an update program and a hash value of the update program, the update unit includes:
    - a hash value calculating unit operable to calculate a hash value of the update program; and
      
      a concatenated data judging unit operable to judge whether or not a piece of concatenated data having a same hash value as the calculated hash value is stored in the save sub-unit, wherein if the concatenated data judging unit judges that the piece of concatenated data is stored, the update unit stores a context of an update program included in the piece of concatenated data, into the program storage sub-unit, and if the concatenated data judging unit judges that the piece of concatenated data is not stored, the update unit deletes the update program from the program storage sub-unit.
  - 21. The secret information processing apparatus of claim 7, wherein the program storage unit includes a program storage sub-unit and a save sub-unit, the program storage sub-unit stores the update target program and a context of the update target program, the save sub-unit stores a chain value that is indicated by an encrypted update target program, the update program is encrypted by using an encryption key and the chain value, the update unit includes:
    - a take-over judging unit operable to judge whether or not the update program should take over the context of the update target program; and
      
      a save unit operable to save the context of the update target program into the save sub-unit if the take-over judging unit judges that the update program should take over the context, wherein the decryption unit further receives decrypts the update program received from the external apparatus, using the encryption key and the chain value stored in the save sub-unit, and outputs the decrypted update program to the data output sub-unit, and the update unit receives the decrypted update program from the data output sub-unit, and stores the received update program and the context of the update target program in the program storage sub-unit.
  - 22. The secret information processing apparatus of claim 1, wherein the program storage unit includes a bank storing the update target program and includes a bank storing an update program corresponding to the update target program, and the update unit performs the update process by switching between the banks included in the program storage unit.
  - 23. The secret information processing apparatus of claim 22, wherein the bank storing the update target program stores a context of the update target program, the receiving unit receives, as the update request, bank information which specifies a bank that is to be switched and stores the update program, the update unit includes:
    - a take-over judging unit operable to judge whether or not the update program should take over the context of the update target program; and
      
      a bank switching unit operable to switch an access target bank included in the program storage unit, from the bank storing the update target program to the bank storing the update program, if the take-over judging unit judges that the update program should take over the context, wherein the update unit stores the context of the update target program into the bank to which the bank switching unit switched.
  - 24. The secret information processing apparatus of claim 23, wherein the update target program includes take-over bank information that specifies a bank storing an update program that corresponds to the update target program and can take over the context of the update target program, the update unit includes a take-over bank judging unit operable to judge whether or not the bank specified by the received bank information matches the bank specified by the take-over bank information, wherein the bank switching unit switches the access target bank included in the program storage unit, from the bank storing the update target program to the bank storing the update program, if the take-over bank judging unit judges that the bank specified by the received bank information matches the bank specified by the take-over bank information.
  - 25. The secret information processing apparatus of claim 3, wherein each access control level is represented by one of three or more ranks.
  - 26. The secret information processing apparatus of claim 3 further comprising an upper limit value storage unit storing an upper limit value of the ranks, and if the rank indicated by the received access control level of the external apparatus is higher than the upper limit value, the access control unit judges whether or not to permit the external apparatus to access any of the resources by regarding the rank indicated by the received access control level as equivalent with the upper limit value.

27. A secret information processing method for use in a secret information processing apparatus for controlling accesses to resources therein from external apparatuses, the secret information processing apparatus including:
- a level storage unit storing access control levels that are assigned to the resources and are used as a standard in judging whether or not to permit an access to any of the resources from any of the external apparatuses; and
  
  a program storage unit storing an update target program, the secret information processing method comprising the steps of;
  
  receiving, from one of the external apparatuses, a request to update the update target program;
  
  performing an update process for updating the update target program if the request is received;
  
  determining whether or not to permit accesses to the resources from the external apparatus, in accordance with the access control levels corresponding to the resources; and
  
  changing, during the update process performed by the update unit, access control levels of resources, which are to be accessed by the update unit during the update process and whose access control levels indicate that accesses from the external apparatus are permitted, to levels indicating that accesses from the external apparatus are not permitted.

28. A program for causing a secret information processing apparatus, which controls accesses to resources therein from external apparatuses, to perform a secret information process, the secret information processing apparatus including:
- a level storage unit storing access control levels that are assigned to the resources and are used as a standard in judging whether or not to permit an access to any of the resources from any of the external apparatuses; and
  
  a program storage unit storing an update target program, the secret information process comprising the steps of;
  
  receiving, from one of the external apparatuses, a request to update the update target program;
  
  performing an update process for updating the update target program if the request is received;
  
  determining whether or not to permit accesses to the resources from the external apparatus, in accordance with the access control levels corresponding to the resources; and
  
  changing, during the update process performed by the update unit, access control levels of resources, which are to be accessed by the update unit during the update process and whose access control levels indicate that accesses from the external apparatus are permitted, to levels indicating that accesses from the external apparatus are not permitted.

29. A computer-readable recording medium recording therein a program for causing a secret information processing apparatus, which controls accesses to resources therein from external apparatuses, to perform a secret information process, the secret information processing apparatus including:
- a level storage unit storing access control levels that are assigned to the resources and are used as a standard in judging whether or not to permit an access to any of the resources from any of the external apparatuses; and
  
  a program storage unit storing an update target program, the secret information process comprising the steps of;
  
  receiving, from one of the external apparatuses, a request to update the update target program;
  
  performing an update process for updating the update target program if the request is received;
  
  determining whether or not to permit accesses to the resources from the external apparatus, in accordance with the access control levels corresponding to the resources; and
  
  changing, during the update process performed by the update unit, access control levels of resources, which are to be accessed by the update unit during the update process and whose access control levels indicate that accesses from the external apparatus are permitted, to levels indicating that accesses from the external apparatus are not permitted.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Panasonic Corporation (Panasonic Holdings Corporation)
Original Assignee
Panasonic Corporation (Panasonic Holdings Corporation)
Inventors
Nemoto, Yusuke, Torisaki, Yuishi, Fujiwara, Makoto

Application Number

US11/665,822
Publication Number

US 20080010686A1
Time in Patent Office

Days
Field of Search
US Class Current

726/027
CPC Class Codes

G06F 12/1491   in a hierarchical protectio...

G06F 21/10   Protecting distributed prog...

G06F 21/62   Protecting access to data v...

Confidential Information Processing Device

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

29 Claims

Specification

Solutions

Use Cases

Quick Links

Confidential Information Processing Device

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

29 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links