INFORMATION PROCESSING APPARATUS, AND METHOD AND COMPUTER PROGRAM PRODUCT FOR VERIFICATION

US 20100268967A1
Filed: 04/08/2010
Published: 10/21/2010
Est. Priority Date: 04/17/2009
Status: Active Grant

First Claim

Patent Images

1. An information processing apparatus comprising:

a main memory unit that retains contents stored therein only while the main memory unit is receiving electric power supply;

an auxiliary storage unit that retains contents stored therein even after the electric power supply is lost;

a control unit that performs hibernation ofgenerating operating-state data that indicates an operating state of the information processing apparatus at a time when the electric power supply is lost,storing the operating-state data in the auxiliary storage unit, and,when electric power supply is restored, reading the operating-state data from the auxiliary storage unit to restore the information processing apparatus to the operating state; and

a security chip thatincludes a configuration register,encrypts data by using a value written into the configuration register, andstores the data in the auxiliary storage unit, whereinthe control unit includes;

a first registration unit that performs, when the control unit generates the operating-state data, calculation based on the operating-state data to obtain a calculated value and writes the value to the configuration register;

a second registration unit that performs, when the control unit reads the operating-state data from the auxiliary storage unit at the hibernation, calculation based on the operating-state data to obtain a calculated value and writes the value to the configuration register; and

a verification unit that performs verification at boot-up from the hibernation by determining whether to permit decryption of the data encrypted by the security chip based on the value written into the configuration register by the second registration unit.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An information processing apparatus includes a main memory unit storing while on-power; an auxiliary storage unit functionable even off-power; a control unit performing hibernation of generating operating-state data indicating a state when the power is lost, storing the data in the auxiliary storage unit, and, when restored, reading the data from the auxiliary storage unit; and a security chip that including a configuration register, encrypts data, and storing the data in the auxiliary storage unit. The control unit includes: a first registration unit performing, when the data is generated, calculation based thereon to obtain a calculated value; a second registration unit performing, when the data is read from the auxiliary storage unit at the hibernation, calculation based on the data to obtain a calculated value to write it into the configuration register; and a verification unit performing verification at boot-up from the hibernation based on the value written.

Citations

6 Claims

1. An information processing apparatus comprising:
- a main memory unit that retains contents stored therein only while the main memory unit is receiving electric power supply;
  
  an auxiliary storage unit that retains contents stored therein even after the electric power supply is lost;
  
  a control unit that performs hibernation ofgenerating operating-state data that indicates an operating state of the information processing apparatus at a time when the electric power supply is lost,storing the operating-state data in the auxiliary storage unit, and,when electric power supply is restored, reading the operating-state data from the auxiliary storage unit to restore the information processing apparatus to the operating state; and
  
  a security chip thatincludes a configuration register,encrypts data by using a value written into the configuration register, andstores the data in the auxiliary storage unit, whereinthe control unit includes;
  
  a first registration unit that performs, when the control unit generates the operating-state data, calculation based on the operating-state data to obtain a calculated value and writes the value to the configuration register;
  
  a second registration unit that performs, when the control unit reads the operating-state data from the auxiliary storage unit at the hibernation, calculation based on the operating-state data to obtain a calculated value and writes the value to the configuration register; and
  
  a verification unit that performs verification at boot-up from the hibernation by determining whether to permit decryption of the data encrypted by the security chip based on the value written into the configuration register by the second registration unit.
- View Dependent Claims (2, 3, 4)
- - 2. The information processing apparatus according to claim 1, whereinthe security chipgenerates a blob that contains the value written into the configuration register and the data, andstores the blob in the auxiliary storage unit, andthe verification unitdetermines that access to the data is permitted and decryption of the blob is permitted, if the value written into the configuration register by the second registration unit match the value contained in the blob.
  - 3. The information processing apparatus according to claim 2, whereinthe security chip includes a plurality of configuration registers thatrespectively correspond to software programs that form a chain of trust,generates a blob that contains a combination of values written into the configuration registers and the data, andstores the blob in the auxiliary storage unit, andthe control unit includes:
    - a third registration unit thatperforms calculation for each of the software programs so as to obtain calculated values, andwrites each of the values into a corresponding one of the configuration registers; and
      
      a fourth registration unit thatperforms, when the software programs are started up in response to the electric power supply, calculation for each of the software programs to obtain calculated values, andwrites each of the values into a corresponding one of the configuration registers, andthe verification unitdetermines that access to the data is permitted and decryption of the blob is permitted, if all the values written into the configuration registers by the fourth registration unit match the values contained in the blob.
  - 4. The information processing apparatus according to claim 3, whereinthe security chipgenerates a blob that containsa first combination of the values, each of which has been written into the corresponding one of the configuration registers, anda second value written into at least one of the plurality of configuration registers when the operating-state data is generated, andstores the blob in the auxiliary storage unit, andthe verification unit determines that access to the data is permitted and decryption of the blob is permitted when at least one of two conditions is satisfied, whereinone condition is that all the values written into the configuration registers by the fourth registration unit match the first combination of values contained in the blob andanother condition is that the value written into the configuration register by the second registration unit matches the second value contained in the blob.

5. A verification method that is performed in an information processing apparatus that includesa main memory unit that retains contents stored therein only while the main memory unit is receiving electric power supply;
- an auxiliary storage unit that retains contents stored therein even after the electric power supply is lost;
  
  a control unit that performs hibernation ofgenerating operating-state data that indicates an operating state of the information processing apparatus at a time when the electric power supply is lost,storing the operating-state data in the auxiliary storage unit, andwhen electric power supply is restored, reading the operating-state data from the auxiliary storage unit to restore the information processing apparatus into the operating state; and
  
  a security chip thatincludes a configuration register,encrypts data by using a value written into the configuration register, andstores the data in the auxiliary storage unit, the verification method comprising;
  
  first registering, when the control unit generates the operating-state data, a calculated value based on the operating-state data to write the calculated value into the configuration register;
  
  second registering, when the control unit reads the operating-state data from the auxiliary storage unit at the hibernation, a calculated value based on the operating-state data to write the calculated value into the configuration register; and
  
  verifying, which is performed by the control unit, a boot-up from the hibernation by determining whether to permit decryption of the data encrypted by the security chip based on the value written into the configuration register at the second registering.

6. A computer program product comprising a computer-usable medium having computer-readable program codes embodied in the medium for processing information in an information processing apparatus that includesa main memory unit that retains contents stored therein only while the main memory unit is receiving electric power supply;
- an auxiliary storage unit that retains contents stored therein even after the electric power supply is lost;
  
  a control unit that performs hibernation ofgenerating operating-state data that indicates an operating state of the information processing apparatus at a time when the electric power supply is lost,storing the operating-state data in the auxiliary storage unit, andwhen electric power supply is restored, reading the operating-state data from the auxiliary storage unit to restore the information processing apparatus into the operating state; and
  
  a security chip thatincludes a configuration register,encrypts data by using a value written into the configuration register, andstores the data in the auxiliary storage unit, the program codes when executed causing a computer to execute;
  
  first registering, when the control unit generates the operating-state data, a calculated value based on the operating-state data to write the calculated value into the configuration register;
  
  second registering, when the control unit reads the operating-state data from the auxiliary storage unit at the hibernation, a calculated value based on the operating-state data to write the calculated value into the configuration register; and
  
  verifying, which is performed by the control unit, a boot-up from the hibernation by determining whether to permit decryption of the data encrypted by the security chip based on the value written into the configuration register at the second registering.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Ricoh Company Limited
Original Assignee
Ricoh Company Limited
Inventors
SENDA, Shigeya

Granted Patent

US 8,438,377 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/193
CPC Class Codes

G06F 21/575 Secure boot

INFORMATION PROCESSING APPARATUS, AND METHOD AND COMPUTER PROGRAM PRODUCT FOR VERIFICATION

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

6 Claims

Specification

Solutions

Use Cases

Quick Links

INFORMATION PROCESSING APPARATUS, AND METHOD AND COMPUTER PROGRAM PRODUCT FOR VERIFICATION

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

6 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links