Method and system for securely sharing content

US 8,275,884 B2
Filed: 12/12/2008
Issued: 09/25/2012
Est. Priority Date: 01/15/2008
Status: Expired due to Fees

First Claim

Patent Images

1. A method of securely sharing content in a system including a hardware platform, comprising:

a first domain, which has content that requires security, among a plurality of domains logically generated on the hardware platform by a virtualization layer unit, sharing the content with at least one second domain of the plurality of domains, wherein the sharing comprises indicating, by the first domain, to the virtualization layer unit, an external transmission type to which writing of the content of the first domain is not permitted and setting a write-prevention flag in a memory page descriptor of a peripheral device, among a plurality of peripheral devices, corresponding to the external transmission type to which writing of the content of the first domain is not permitted, the plurality of peripheral devices including a peripheral device to which writing of the content owned by the first domain is permitted; and

preventing, by the virtualization layer unit, the writing of the content if the second domain requests to write the content in a region and if the virtualization layer unit determines, based on the request of the second domain, that the flag is set for the region in which the second domain requests to write the content.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus for securely sharing content are provided, which can securely share the content without allowing access by unauthorized third parties. The method of securely sharing content includes a first domain, which has content that requires security among a plurality of domains logically generated on a hardware platform, sharing the content with at least one second domain, and if the second domain intends to write the content in a region in which writing is not permitted, preventing the writing of the content.

59 Citations

View as Search Results

22 Claims

1. A method of securely sharing content in a system including a hardware platform, comprising:
- a first domain, which has content that requires security, among a plurality of domains logically generated on the hardware platform by a virtualization layer unit, sharing the content with at least one second domain of the plurality of domains, wherein the sharing comprises indicating, by the first domain, to the virtualization layer unit, an external transmission type to which writing of the content of the first domain is not permitted and setting a write-prevention flag in a memory page descriptor of a peripheral device, among a plurality of peripheral devices, corresponding to the external transmission type to which writing of the content of the first domain is not permitted, the plurality of peripheral devices including a peripheral device to which writing of the content owned by the first domain is permitted; and
  
  preventing, by the virtualization layer unit, the writing of the content if the second domain requests to write the content in a region and if the virtualization layer unit determines, based on the request of the second domain, that the flag is set for the region in which the second domain requests to write the content.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, wherein the sharing comprises marking pages of a memory sharing the content so as to indicate that the content is stored in the pages of the memory, and tagging information of the first domain that is the domain having the content.
  - 3. The method of claim 2, wherein the sharing comprises when the content stored in the marked pages is loaded in processor registers, including a mark indicating that the content is stored in the respective registers and a tag having information of the first domain that is the domain having the content in the respective registers.
  - 4. The method of claim 2, further comprising limiting a change of the domain having the marked pages.
  - 5. The method of claim 1, wherein the second domain is a domain having peer relations with the first domain.
  - 6. The method of claim 1, wherein the external transmission type includes any one of printing, displaying, and networking.
  - 7. The method of claim 1, wherein the region includes memory regions shared by a domain that does not have peer relations with the first domain.
  - 8. The method of claim 6, wherein the flag indicates a memory region of a peripheral device in which the writing of the content is not permitted;
    - wherein the preventing comprises preventing the writing of the content in the memory region.
  - 9. The method of claim 7, wherein the flag indicates a memory region of the memory regions,wherein the preventing comprises preventing the writing of the content in the memory region.
  - 10. The method of claim 1, wherein the sharing comprises setting a memory sharing of the content to “
    - read only”
      
      .
  - 11. The method of claim 3, further comprising when the content is operated, comparing the tag of a register in which the content is stored with the tag of an operation result register, and if the tags are not the same, stopping an operation process.

12. A system for securely sharing content, comprising:
- a hardware platform; and
  
  a virtualization layer unit which logically generates a plurality of domains on the hardware platform;
  
  wherein the plurality of domains include a first domain having content that requires security and at least one second domain sharing the content with the first domain; and
  
  wherein the virtualization layer unit receives, from the first domain, information on an external transmission type to which writing of the content of the first domain is not permitted and sets a write-prevention flag in a memory page descriptor of a peripheral device, among a plurality of peripheral devices, corresponding to the external transmission type to which writing of the content is not permitted, the plurality of peripheral devices including a peripheral device to which writing of the content owned by the first domain is permitted, and if the second domain requests to write the content in a region and if the virtualization layer unit determines, based on the request of the second domain, that the flag is set for the region in which the second domain requests to write the content, the virtualization layer unit prevents the writing of the content.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 13. The system of claim 12, wherein the virtualization layer unit marks pages of a memory sharing the content so as to indicate that the content is stored in the pages of the memory, and tags information of the first domain that is the domain having the content.
  - 14. The system of claim 13, wherein the virtualization layer unit operates to include a mark indicating that the content is stored in processor registers and a tag having information of the first domain that is the domain having the content in the respective registers when the content stored in the marked pages is loaded in the processor registers.
  - 15. The system of claim 13, wherein the virtualization layer unit limits a change of the domain having the marked pages.
  - 16. The system of claim 12, wherein the second domain is a domain having peer relations with the first domain.
  - 17. The system of claim 12, wherein the external transmission type includes any one of printing, displaying, and networking.
  - 18. The system of claim 12, wherein the region includes memory regions shared by a domain that does not have peer relations with the first domain.
  - 19. The system of claim 17, wherein the virtualization unit operates to set the flag indicating a memory region of the peripheral device in which the writing of the content is not permitted, and to prevent the writing of the content in the memory region.
  - 20. The system of claim 18, wherein the virtualization unit operates to set the flag indicating a memory region of the memory regions, and to prevent the writing of the content in the memory region.
  - 21. The system of claim 12, wherein the virtualization layer unit sets a memory sharing of the content to “
    - read only”
      
      .
  - 22. The system of claim 14, wherein the virtualization layer unit compares the tag of the register in which the content is stored with the tag of an operation result register when the content is operated, and if the tags are not equal to each other, the virtualization layer unit stops an operation process.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Samsung Electronics Co. Ltd.
Original Assignee
Samsung Electronics Co. Ltd.
Inventors
Hwang, Joo-Young, Suh, Sang-Bum
Primary Examiner(s)
SHIU, HO T

Application Number

US12/333,692
Publication Number

US 20090182860A1
Time in Patent Office

1,383 Days
Field of Search

None
US Class Current

709/225
CPC Class Codes

G06F 21/606 by securing the transmissio...

Method and system for securely sharing content

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

59 Citations

22 Claims

Specification

Use Cases

Quick Links

Others

Method and system for securely sharing content

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

59 Citations

22 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others