Information processing apparatus with security module
First Claim
1. An information processing apparatus being adapted to communicate with a tamper-proof device, and comprising:
- a TPM to store a first trusted platform module (TPM) key, the first TPM key having a first public key and a first private key associated with the first public key;
a key management moduleto receive a parameter having the first public key from the TPM,to provide the received parameter to the tamper-proof device,to receive from the tamper-proof device a second TPM key, the second TPM key having a second private key which has been encrypted using the first public key included in the provided parameter, and having a second public key associated with the second private key, the second TPM key containing password check information generated by the tamper-proof device, andto provide the TPM with the second TPM key; and
a file processing module receiving a file encryption key from the key management module, encrypting a file with the file encryption key, and decrypting the encrypted file with the file encryption key,the TPMto receive the second public key from the key management module,to generate a third TPM key, the third TPM key having a third private key which has been encrypted using the second public key, and a third public key associated with the third private key, andto encrypt the file encryption key with the third public key;
whereinwhen the tamper-proof device is coupled to the information processing apparatus, the key management module receives the second TPM key from the tamper-proof device, stores the received second TPM key in a memory associated with the key management module, and provides the stored second TPM key to the TPM,when the TPM uses the second TPM key received from the key management module, the TPM requests the tamper-proof device to provide a password associated with the password check information contained in the second TPM key which is used by the TPM, receives the password from the tamper proof device, and verifies the received password using the password check information contained in the second TPM key which is used by the TPM;
when it is verified that the password is correct, the TPM decrypts the second TPM key using the first private key, decrypts the third TPM key using the decrypted second private key, and decrypts, using the decrypted third private key, the encrypted file encryption key for decrypting the file; and
the file processing module decrypts the file using the decrypted file encryption key.
1 Assignment
0 Petitions
Accused Products
Abstract
An information processing apparatus includes a TPM, a key management module for managing a key database, a memory, and a file processing module for encrypting and decrypting a file. The TPM stores a first TPM key therein and encrypts a third TPM key. The key management module stores and manages the third TPM key in the database. When the information processing apparatus starts communicating with the tamper-proof device, the key management module receives, from the TPM, a parameter for generating a second TPM key, provides the received parameter to the tamper-proof device, receives from the tamper-proof device the second TPM key which has been encrypted using the first TPM key, and provides the TPM with the second TPM key and with the third TPM key which has been encrypted using the second TPM key. When the second TPM key contains password check information, the TPM receives from the tamper-proof device a password associated with the password check information, and verifies the received password using the password check information. When it is verified that the password is correct, the TPM decrypts the second TPM key using the first TPM key, decrypts the third TPM key using the decrypted second TPM key, and decrypts, using the decrypted third TPM key, an encrypted encryption key for decrypting the file. The file processing module decrypts the file using the decrypted encryption key.
-
Citations
6 Claims
-
1. An information processing apparatus being adapted to communicate with a tamper-proof device, and comprising:
-
a TPM to store a first trusted platform module (TPM) key, the first TPM key having a first public key and a first private key associated with the first public key; a key management module to receive a parameter having the first public key from the TPM, to provide the received parameter to the tamper-proof device, to receive from the tamper-proof device a second TPM key, the second TPM key having a second private key which has been encrypted using the first public key included in the provided parameter, and having a second public key associated with the second private key, the second TPM key containing password check information generated by the tamper-proof device, and to provide the TPM with the second TPM key; and a file processing module receiving a file encryption key from the key management module, encrypting a file with the file encryption key, and decrypting the encrypted file with the file encryption key, the TPM to receive the second public key from the key management module, to generate a third TPM key, the third TPM key having a third private key which has been encrypted using the second public key, and a third public key associated with the third private key, and to encrypt the file encryption key with the third public key;
whereinwhen the tamper-proof device is coupled to the information processing apparatus, the key management module receives the second TPM key from the tamper-proof device, stores the received second TPM key in a memory associated with the key management module, and provides the stored second TPM key to the TPM, when the TPM uses the second TPM key received from the key management module, the TPM requests the tamper-proof device to provide a password associated with the password check information contained in the second TPM key which is used by the TPM, receives the password from the tamper proof device, and verifies the received password using the password check information contained in the second TPM key which is used by the TPM; when it is verified that the password is correct, the TPM decrypts the second TPM key using the first private key, decrypts the third TPM key using the decrypted second private key, and decrypts, using the decrypted third private key, the encrypted file encryption key for decrypting the file; and the file processing module decrypts the file using the decrypted file encryption key. - View Dependent Claims (2, 3, 4, 5)
-
-
6. In an information processing apparatus comprising a TPM, a processor and a memory and being adapted to communicate with a tamper-proof device, a method for password authentication and decrypting a trusted platform module (TPM) key, the method comprising:
-
storing, in the TPM, a first TPM key having a first public key, and a first private key associated with the first public key; causing the TPM to generate a third TPM key, the third TPM key having a third private key which has been encrypted using a second public key of a second TPM key, and having a third public key associated with the third private key; receiving from the TPM a parameter having the first public key, providing the received parameter to the tamper-proof device, and receiving from the tamper-proof device the second TPM key, when the tamper-proof device is coupled to the information processing apparatus, the second TPM key having a second private key which has been encrypted using the first public key included in the provided parameter, and having the second public key associated with the second private key, the second TPM key containing password check information generated by the tamper-proof device; storing the received second TPM key in a memory; providing the TPM with the stored second TPM key and with the third TPM key; requesting the tamper-proof device to provide a password associated with the password check information contained in the second TPM key, when the stored second TPM key is used by the TPM; receiving the password from the tamper-proof device , and causing the TPM to verify the received password using the password check information contained in the second TPM key which is used by the TPM; causing, when it is verified that the password is correct, the TPM to decrypt the second TPM key using the first private key, decrypt the third TPM key using the decrypted second private key, and decrypt, using the decrypted third private key, an encrypted file encryption key for decrypting a file; and decrypting the file using the decrypted file encryption key.
-
Specification