INFORMATION PROCESSING DEVICE AND COMPUTER PROGRAM PRODUCT

US 20140298026A1
Filed: 01/08/2014
Published: 10/02/2014
Est. Priority Date: 03/26/2013
Status: Active Grant

First Claim

Patent Images

1. An information processing device comprising:

a main memory unit configured to store data;

a main processor unit configured toselectively switch between a secure mode and a non-secure mode,read and write data from and to the main memory unit, andwrite an OS execution image to the main memory unit, the main processor unit including a state sending unit for sending state information indicating the present mode to a bus;

a secure OS unit configured to be executed by the main processor unit in the secure mode;

an execution module configured to be executed by the main processor unit in the secure mode;

a non-secure OS unit configured to be executed by the main processor unit in the non-secure mode;

a secure monitor memory setting unit configured to set a shared memory area and an execution module memory area, the shared memory allowing reading and writing in the secure mode and the non-secure mode of the main processor unit, the execution module memory area allowing reading and writing in the secure mode of the main processor unit but not allowing reading or writing in the non-secure mode of the main processor unit;

an address space control unit configured todetermine the mode of the main processor unit based on the state information received from the bus, andcontrol allowing and disallowing of reading and writing with respect to the main memory unit from the main processor unit according to settings performed by the secure monitor memory unit;

a shared memory area writing unit configured to write an execution module to be executed in the secure OS unit to the shared memory area of the main memory unit;

an execution module loading unit configured to write the execution module that has been written to the shared memory area, to the execution module memory area; and

an application executing unit configured to execute the execution module that has been written to the execution module memory area.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

According to an embodiment, a device includes a processor unit, a control unit, a setting unit, a writing unit, and an executing unit. The processor unit is configured to switch between secure and non-secure modes, read/write data from/to a memory unit, and write an OS execution image of a secure OS unit to the memory unit. The setting unit is configured to set a shared memory area allowing reading and writing in both modes and an execution module memory area allowing reading and writing in the secure mode but not allowing reading or writing in the non-secure mode with respect to the control unit. The writing unit is configured to write an execution module to be executed in the secure OS unit to the shared memory area. The executing unit is configured to execute the execution module that has been written to the execution module memory area.

90 Citations

View as Search Results

17 Claims

1. An information processing device comprising:
- a main memory unit configured to store data;
  
  a main processor unit configured toselectively switch between a secure mode and a non-secure mode,read and write data from and to the main memory unit, andwrite an OS execution image to the main memory unit, the main processor unit including a state sending unit for sending state information indicating the present mode to a bus;
  
  a secure OS unit configured to be executed by the main processor unit in the secure mode;
  
  an execution module configured to be executed by the main processor unit in the secure mode;
  
  a non-secure OS unit configured to be executed by the main processor unit in the non-secure mode;
  
  a secure monitor memory setting unit configured to set a shared memory area and an execution module memory area, the shared memory allowing reading and writing in the secure mode and the non-secure mode of the main processor unit, the execution module memory area allowing reading and writing in the secure mode of the main processor unit but not allowing reading or writing in the non-secure mode of the main processor unit;
  
  an address space control unit configured todetermine the mode of the main processor unit based on the state information received from the bus, andcontrol allowing and disallowing of reading and writing with respect to the main memory unit from the main processor unit according to settings performed by the secure monitor memory unit;
  
  a shared memory area writing unit configured to write an execution module to be executed in the secure OS unit to the shared memory area of the main memory unit;
  
  an execution module loading unit configured to write the execution module that has been written to the shared memory area, to the execution module memory area; and
  
  an application executing unit configured to execute the execution module that has been written to the execution module memory area.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The device according to claim 1, further comprising a command selecting unit configured to determine whether a command issued by the non-secure OS unit to the secure OS unit indicates writing of the execution module to the execution module memory area of the main memory unit or indicates execution of the execution module, whereinthe execution module loading unit is configured to write the execution module that has been written to the shared memory area, to the execution module memory area when a command issued by the non-secure OS unit indicates writing of the execution module to the execution module memory area of the main memory unit,the application executing unit is configured to execute the execution module that has been written to the execution module memory area when a command issued by the non-secure OS unit indicates execution of the execution module,the shared memory area writing unit is configured to be executed in the non-secure mode, andthe execution module loading unit and the application executing unit are configured to be executed in the secure mode.
  - 3. The device according to claim 1, further comprisinga command selecting unit configured to determine whether a command issued by the non-secure OS unit to the secure OS unit indicates verification of a signature of the execution module,a hash value calculator configured to calculate a hash value of the execution module that has been written to the execution module memory area and store the calculated hash value therein;
    - a verification unit configured to verify a signature of the execution module using the calculated hash value and a public key when the command selecting unit determines that a command issued by the non-secure OS unit indicates verification of a signature of the execution module, andthe verification unit and the hash value calculator are configured to be executed in the secure mode.
  - 4. The device according to claim 1, further comprising:
    - a key storing unit configured to store a common key;
      
      a key generating unit configured to generate a secret key and a public key;
      
      a data encrypting unit configured to write an encrypted secret key obtained by encrypting the secret key using the common key stored in the key storing unit, and a public key to the shared memory area; and
      
      a module signature generating unit configured to read data from the shared memory area, and generate a signature using the read data and the secret key, whereinthe data encrypting unit and the module signature generating unit are configured to be executed in the secure mode.
  - 5. The device according to claim 3, further comprising:
    - a second key storing unit configured to store a second common key; and
      
      a second data encrypting unit configured toencrypt data using the hash value of the execution module as calculated by the hash value calculator and using the second common key stored in the second key storing unit, andwrite the encrypted data to the shared memory area, whereinthe second data encrypting unit is configured to be executed in the secure mode.
  - 6. The device according to claim 1, further comprisinga timer handler unit configured todetect a timer interrupt, andswitch the main processor unit from one mode to another mode every time a predetermined time period elapses.

7. An information processing device comprising:
- a main memory unit configured to store data;
  
  a main processor unit configured to selectively switch between a secure mode and a non-secure mode, the main processor unit including a state sending unit for sending state information indicating the present mode to a bus;
  
  a secure OS unit configured to be executed by the main processor unit in the secure mode;
  
  a non-secure OS unit configured to be executed by the main processor unit in the non-secure mode;
  
  a secure monitor memory setting unit configured to set a shared memory area and a non-secure OS unit memory area, the shared memory allowing reading and writing in the secure mode and the non-secure mode of the main processor unit, the non-secure OS unit memory area allowing writing an OS execution image of the non-secure OS unit;
  
  an address space control unit configured todetermine the mode of the main processor unit based on the state information received from the bus, andcontrol allowing and disallowing of reading and writing with respect to the main memory unit from the main processor unit according to settings performed by the secure monitor memory unit;
  
  a shared memory area writing unit configured to write an execution module to be executed in the secure OS unit to the shared memory area of the main memory unit;
  
  a boot loader unit configured to write the OS execution image of the non-secure OS unit to a predetermined memory area of the main memory unit in the non-secure mode at the time of booting of the device, whereinthe secure OS unit is configured tocompare a hash value calculated from the OS execution image of the non-secure OS unit that has been written to the non-secure OS unit memory area, with an expected value of the hash value of the OS execution image of the non-secure OS unit, anddetermine that the data of the non-secure OS unit is correct and allow execution of the non-secure OS unit when the hash value and the expected value are identical.
- View Dependent Claims (8, 9, 10, 11)
- - 8. The device according to claim 7, whereinthe secure monitor memory setting unit is configured to allow writing to the non-secure OS unit memory area in the secure mode but not allow writing to the non-secure OS unit memory area in the non-secure mode,the boot loader unit is configured to write the OS execution image of the non-secure OS unit to the shared memory area, andthe secure OS unit is configured to copy a first portion of the OS execution image of the non-secure OS unit from the shared memory area to the non-secure OS unit memory area, the first portion being a portion from which calculation of the hash value is completed.
  - 9. The device according to claim 7, further comprising a monitor handler unit configured to perform exception processing to switch from the non-secure mode to the secure mode when an access that is not allowed is attempted in the address space control unit, whereinthe secure monitor memory setting unit is configured to set the non-secure OS unit memory area as a memory area that is allowed to be accessed for reading but not allowed to be accessed for writing in the non-secure mode,the boot loader unit is configured to send a command to write the OS execution image of the non-secure OS unit to the non-secure OS unit memory area in the non-secure mode at the time of booting,the monitor handler unit is configured to switch to the secure mode and hand over operations to the secure OS unit when the command for writing to the non-secure OS unit memory area is sent by the boot loader unit, andthe secure OS unit is configured to copy the OS execution image of the non-secure OS unit to the non-secure OS unit memory area in the secure mode.
  - 10. The device according to claim 7, further comprisinga timer handler unit configured todetect a timer interrupt, andswitch the main processor unit to the secure mode every time a predetermined time period elapses, whereinthe secure OS unit is configured tocalculate the hash value for a portion of the OS execution image of the non-secure OS unit stored in the main memory unit for which hash value calculation is not yet completed when the timer handler unit performs operations for the timer interrupt, andswitch the main processor unit back to the non-secure mode that was present prior to the start of the operations for the timer interrupt upon completion of the hash value calculation.
  - 11. The device according to claim 7, further comprisinga timer handler unit configured todetect a timer interrupt, andswitch the main processor unit to the secure mode every time a predetermined time period elapses, whereinthe secure OS unit is configured tocalculate the hash value of the OS execution image of the non-secure OS unit stored in the main memory unit,compare the hash value with an expected value of the hash value of the OS execution image of the non-secure OS unit, andidentify that the non-secure OS unit has been altered and instruct the non-secure OS unit to perform predetermined error processing when the hash value and the expected value are not identical.

12. A computer program product comprising a computer-readable medium containing a program executed by a computer that includes a main memory unit configured to store data, and a main processor unit configured to selectively switch between a secure mode and a non-secure mode, read and write data from and to the main memory unit, and write an OS execution image to the main memory unit, the main processor unit including a state sending unit for sending state information indicating the present mode to a bus, the program causing the computer to execute:
- executing, by the main processor unit, a secure OS unit in the secure mode;
  
  executing, by the main processor unit, an execution module in the secure mode;
  
  executing, by the main processor unit, a non-secure OS unit in the non-secure mode;
  
  setting a shared memory area and an execution module memory area, the shared memory allowing reading and writing in the secure mode and the non-secure mode of the main processor unit, the execution module memory area allowing reading and writing in the secure mode of the main processor unit but not allowing reading or writing in the non-secure mode of the main processor unit;
  
  determining the mode of the main processor unit based on the state information received from the bus;
  
  controlling allowing and disallowing of reading and writing with respect to the main memory unit from the main processor unit according to the settings;
  
  writing the execution module to be executed in the secure OS unit to the shared memory area of the main memory unit;
  
  writing the execution module that has been written to the shared memory area, to the execution module memory area; and
  
  executing the execution module that has been written to the execution module memory area.
- View Dependent Claims (13, 14, 15, 16, 17)
- - 13. The computer program product according to claim 12, the program further causing the computer to executedetermining whether a command issued by the non-secure OS unit to the secure OS unit indicates writing of the execution module to the execution module memory area of the main memory unit or indicates execution of the execution module, whereinupon writing the execution module, writing the execution module that has been written to the shared memory area, to the execution module memory area when a command issued by the non-secure OS unit indicates writing of the execution module to the execution module memory area of the main memory unit, andupon executing the execution module, executing the execution module that has been written to the execution module memory area when a command issued by the non-secure OS unit indicates execution of the execution module, whereinthe writing the execution module to be executed in the secure OS unit is executed in the non-secure mode, andthe writing the execution module to the execution module memory area and the executing the execution module are executed in the secure mode.
  - 14. The computer program product according to claim 12, the program further causing the computer to executedetermining whether a command issued by the non-secure OS unit to the secure OS unit indicates verification of a signature of the execution module,calculating a hash value of the execution module that has been written to the execution module memory area and store the calculated hash value therein;
    - andverifying a signature of the execution module using the calculated hash value and a public key when the command selecting unit determines that a command issued by the non-secure OS unit indicates verification of a signature of the execution module, whereinthe calculating the hash value and the verifying the signature are executed in the secure mode.
  - 15. The computer program product according to claim 12, the program further causing the computer to executestoring a common key to a key storing unit;
    - generating a secret key and a public key;
      
      writing an encrypted secret key obtained by encrypting the secret key using the common key stored in the key storing unit, and a public key to the shared memory area;
      
      reading data from the shared memory area; and
      
      generating a signature using the read data and the secret key, whereinthe writing the encrypted secret key and the generating the signature executed in the secure mode.
  - 16. The computer program product according to claim 14, the program further causing the computer to executestoring a second common key to a second key storing unit;
    - encrypting data using the hash value of the execution module as calculated by the hash value calculator and using the second common key stored in the second key storing unit, andwriting the encrypted data to the shared memory area, whereinthe encrypting the data is executed in the secure mode.
  - 17. The computer program product according to claim 12, the program further causing the computer to executedetecting a timer interrupt, andswitching the main processor unit from one mode to another mode every time a predetermined time period elapses.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Kabushiki Kaisha Toshiba (Toshiba Corporation)
Original Assignee
Kabushiki Kaisha Toshiba (Toshiba Corporation)
Inventors
ISOZAKI, Hiroshi, Kanai, Jun

Granted Patent

US 9,191,202 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/171
CPC Class Codes

G06F 21/53   by executing in a restricte...

G06F 21/604   Tools and structures for ma...

G06F 21/6281   at program execution time, ...

G06F 21/70   Protecting specific interna...

H04L 9/0822   using key encryption key

H04L 9/0825   using asymmetric-key encryp...

H04L 9/0897   involving additional device...

H04L 9/3234   involving additional secure...

H04L 9/3236   using cryptographic hash fu...

H04L 9/3247   involving digital signatures

INFORMATION PROCESSING DEVICE AND COMPUTER PROGRAM PRODUCT

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

90 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

INFORMATION PROCESSING DEVICE AND COMPUTER PROGRAM PRODUCT

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

90 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links