WO2004053664A1 - Program execution control device, OS, client terminal, server, program execution control system, program execution control method, program execution control program - Google Patents
- Publication number
- WO2004053664A1, PCT/JP2002/013006
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- program
- client terminal
- execution control
- input
- identifier
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/51—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
Definitions
- Program execution control device, OS, client terminal, server, program execution control system, program execution control method, program execution control program
- the present invention relates to a program execution control device, an OS (Operating System), a client terminal, a server, a program execution control system, a program execution control method, and a program execution control program that permit execution of only an authenticated program.
Background art
- TCPA (Trusted Computing Platform Alliance)
- OS driver signatures
- TCPA adds a special security chip to client terminals such as PCs (Personal Computers) and mobile terminals.
- the goal is to ensure the security of the entire environment on the client terminal, including software and hardware.
- a client terminal such as a basic input/output system (BIOS), a boot program, an OS loader, and an OS.
- BIOS (basic input/output system)
- OS loader
- the code in the BIOS calculates the hash value of the boot program to be started next, stores it in the security chip, and then passes control to the boot program.
- the hash value is a value calculated by applying a one-way function to the target program.
- the boot program calculates the hash value of the OS loader, similarly stores it in the security chip, and then passes control to the OS loader.
- the OS loader calculates the hash value of the OS, similarly stores the hash value in the security chip, and transfers control to the OS.
- the client terminal returns the hash value group calculated above to the server in response to a request from an external entity such as a server generated at an arbitrary timing.
- the server can find a list of programs that are currently or have been executed on the client terminal in the form of hash values, and can check whether an unauthorized program is operating on the client terminal. If it turns out that an illegal program is running, the server can exercise control, for example by stopping the service for the corresponding client terminal. Also, some OSs have a function that rejects the incorporation of a device driver without a valid signature. Even if there is no valid signature, the incorporation can be executed if the user permits.
- some virtual machines that download and execute programs from outside on the client terminal reject the execution of a program without a valid signature, or permit execution but have a function of adding restrictions to the operation of the program. Through such processing, it is possible to prevent the incorporation of an illegal driver and the execution of an illegal program.
- TCPA has a problem in that even if it is possible to externally confirm that unauthorized software is operating, it cannot be controlled so that it does not operate. In addition, TCPA covers only the period until the OS is started; programs started after the OS is running are not covered.
- there is a problem that, if the processing part is falsified, the function that prevents improper driver embedding can be invalidated.
- the virtual machine is software, as in the case of the OS driver signature, so there is a problem that the function of rejecting unauthorized programs can be invalidated by falsifying it.
- tamper-resistant hardware provided in a device passes to the OS only the programs described in a list of programs obtained in advance from a server by a secure means, so that the OS can execute them, keeps a list of the programs executed by the OS safely in the hardware, and notifies the server safely when requested by the server; a program execution control device, OS, client terminal, server, program execution control system, program execution control method, and program execution control program that can do this are provided.
Disclosure of the invention
- the present invention is a program execution control device that permits execution of only a specified program specified in advance, and includes: an expected value table storage unit for storing at least one set consisting of an expected value obtained by applying a predetermined function to the specified program in advance and an identifier of the specified program; an input interface capable of externally inputting a set including an input program and an identifier of the input program; a function operation unit that obtains an operation value by applying a predetermined function to the input program; a comparison unit that compares the expected value corresponding to the identifier of the input program among the expected values in the expected value table with the operation value; and an output interface for outputting the input program to the outside.
- the expected value table storage unit is the expected value table storage unit 36
- the input interface is the input / output interface 31
- the function operation unit is the operation hash value calculation unit 34
- the comparison unit is referred to as the comparison unit 35
- the output interface is referred to as the input / output interface 31 and the gate 38.
- the predetermined function is a one-way function
- the expected value and the operation value are hash values.
- the program execution control device further includes an operation value table storage unit that stores at least one set of an identifier of the input program being executed and an operation value, and outputs a set consisting of the identifier of the input program and the operation value to the outside in accordance with an external request.
- the information about the currently running program is output to the outside as necessary, so that the currently running program can be confirmed from the outside.
- the present invention provides an OS using the program execution control device according to the present invention
- the input program is input to the program execution control device, and the input program is executed when the input program is output from the program execution control device.
- the program execution control device determines whether the program executed by the OS is a specified program or not, so that the OS can execute only the specified program specified in advance.
- the present invention is a client terminal provided with the program execution control device according to the present invention, wherein the input program input from the outside is input to the program execution control device, and the input program is executed when the input program is output from the program execution control device.
- the program execution control device determines whether or not the program executed by the client terminal is the designated program, so that the client terminal can execute only the designated program designated in advance.
- the present invention is a client terminal equipped with the program execution control device according to the present invention, wherein the client terminal outputs a set consisting of an identifier of the input program and an operation value to the outside in response to a request from the outside.
- the present invention also relates to a server which can be connected to the client terminal according to the present invention via a network, wherein a set including an identifier of the designated program and an expected value is transmitted to the client terminal in advance, and the input program is transmitted to the client terminal as needed.
- the server that transmits the specified program transmits information on the specified program in advance, whereby the program permitted to be executed can be specified.
- the present invention is a server which can be connected to the client terminal according to the present invention via a network, wherein a request for a set consisting of an identifier of a program being executed in the client terminal and an operation value is transmitted to the client terminal, and the input program being executed on the client terminal is confirmed based on the received set of the identifier and the operation value.
- the server can monitor whether or not the client terminal is executing the specified program.
- the present invention is a program execution control system for permitting execution of only a designated program specified in advance, comprising the client terminal according to the present invention and a server that can be connected to the client terminal via a network, the server transmitting in advance a set of an expected value and an identifier of the designated program to the client terminal, and transmitting the input program to the client terminal as necessary.
- the server that transmits the specified program transmits information about the specified program in advance, so that the server can specify a program that is permitted to be executed.
- the present invention is a program execution control system for permitting execution of only a designated program specified in advance, comprising the client terminal according to the present invention and a server that can be connected to the client terminal via a network, the server transmitting to the client terminal a request for a set consisting of an identifier of the program being executed and an operation value, and checking the input program being executed on the client terminal based on the received identifier and operation value.
- According to such a configuration, the server can monitor whether or not the client terminal is executing the specified program.
- the present invention is a program execution control method for permitting execution of only a designated program specified in advance, comprising: a step of storing at least one set consisting of an expected value obtained by applying a predetermined function to the designated program in advance and an identifier of the designated program; a step of inputting from the outside a set consisting of an input program and an identifier of the input program; a step of applying a predetermined function to the input program to obtain an operation value; a step of comparing, among the sets of the expected value and the identifier, the expected value corresponding to the identifier of the input program with the operation value; and a step of outputting the input program to the outside when the comparison indicates a match.
- a high security level can be guaranteed by controlling the permission and rejection of the execution of the input program by using the information for confirming that the program is the designated program.
- the present invention is a program execution control program stored in a computer-readable medium for causing a computer to execute only a designated program designated in advance, the program causing the computer to execute: a step of storing at least one set of an expected value obtained by applying a predetermined function to the designated program in advance and an identifier of the specified program; a step of inputting from the outside a set of an input program and an identifier of the input program; a step of applying a predetermined function to the input program to obtain an operation value; a step of comparing, among the sets of the expected value and the identifier, the expected value corresponding to the identifier of the input program with the operation value; and a step of outputting the input program to the outside if the comparison indicates a match.
- a high security level can be guaranteed by controlling the permission and rejection of the execution of the input program by using the information for confirming that the program is the designated program.
- the present invention is a program execution control device which permits execution of only a designated program specified in advance, comprising: an expected value table storage unit that stores at least one set of an expected value obtained by applying a predetermined function to the designated program in advance and an identifier of the designated program; a decryption key storage unit that stores a previously input decryption key; and an encrypted set obtained by encrypting a set consisting of an input program and an identifier of the input program
- a function operation unit that obtains an operation value by applying a predetermined function to the decrypted program; and a comparison unit for comparing the expected value corresponding to the identifier of the decrypted program in the expected value table with the operation value obtained from the
- the decryption key storage unit in the present embodiment is the decryption key storage unit 33, and the decryption unit is the decryption unit 32.
- the predetermined function is a one-way function
- the expected value and the operation value are hash values.
- the determination as to whether the program is the designated program can be made with high reliability.
- the program execution control device further includes an operation value table storage unit for storing at least one set of an identifier of the decrypted program being executed and an operation value, wherein a set consisting of the identifier of the decrypted program and the operation value is output to the outside according to an external request.
- the information about the currently running program is output to the outside as necessary, so that the currently running program can be confirmed from the outside.
- the present invention provides an OS using the program execution control device according to the present invention
- the encrypted program is input to the program execution control device, and when the decrypted program is output from the program execution control device, the decrypted program is executed.
- the program execution control device determines whether or not the program executed by the OS is the specified program, so that the OS can execute only the specified program specified in advance.
- the present invention is a client terminal provided with the program execution control device according to the present invention, wherein the client terminal inputs the externally input encrypted program to the program execution control device and, when the decrypted program is output, executes the decrypted program.
- the program execution control device determines whether or not the program executed by the client terminal is the designated program, so that the client terminal can execute only the designated program specified in advance.
- the present invention provides a client terminal equipped with the program execution control device according to the present invention, wherein the client terminal outputs a set consisting of the identifier of the decrypted program and an operation value to the outside in response to an external request.
- the present invention is a server which can be connected to the client terminal according to the present invention via a network, and transmits a set including an identifier of the designated program and an expected value to the client terminal in advance, and transmits the encrypted program to the client terminal as needed.
- the server that transmits the specified program transmits information on the specified program in advance, whereby the program permitted to be executed can be specified.
- the present invention is a server which can be connected to the client terminal according to the present invention via a network, wherein a request for a set consisting of an identifier of a program being executed in the client terminal and an operation value is transmitted to the client terminal, and the decrypted program being executed on the client terminal is confirmed based on a set including the received identifier and the calculated value.
- the server can monitor whether or not the client terminal is executing the specified program.
- the present invention is a program execution control system for permitting execution of only a designated program specified in advance, comprising the client terminal according to the present invention and a server that can be connected to the client terminal via a network, the server being configured to transmit a set including an expected value of the designated program and an identifier to the client terminal in advance, and to transmit the encrypted program to the client terminal as necessary.
- the server that transmits the specified program transmits information about the specified program in advance, so that the server can specify a program that is permitted to be executed.
- the present invention is a program execution control system for permitting execution of only a designated program specified in advance, comprising the client terminal according to the present invention and a server that can be connected to the client terminal via a network, the server transmitting to the client terminal a request for a set consisting of the identifier of the program being executed and the operation value, and confirming the decrypted program being executed on the client terminal based on the received identifier and the operation value.
- the server can monitor whether or not the client terminal is executing the specified program.
- the present invention is a program execution control method for permitting execution of only a designated program specified in advance, comprising: a step of storing at least one set consisting of an expected value obtained by applying a predetermined function to the designated program in advance and an identifier of the designated program; a step of storing a decryption key inputted in advance; and a step of inputting from the outside an encrypted program obtained by encrypting a set consisting of an input program and an identifier of the input program.
- a high security level can be assured by controlling permission and rejection of execution of the decrypted program by using information for confirming that the program is the designated program.
- the present invention is a program execution control program stored in a computer-readable medium for causing a computer to execute only a designated program specified in advance, the program causing the computer to execute: storing at least one set of an expected value obtained by applying a predetermined function to the designated program in advance and an identifier of the specified program; storing a decryption key input in advance; externally inputting an encrypted program obtained by encrypting a set of an input program and an identifier of the input program; and decrypting the encrypted program using the decryption key to generate a decrypted program and an identifier of the decrypted program.
- a high security level can be guaranteed by controlling the permission and rejection of execution of the decrypted program using the information for confirming that the program is the designated program.
- FIG. 1 is a block diagram showing an example of a configuration of a program execution control system according to an embodiment of the present invention.
- FIG. 2 is a block diagram showing an example of a configuration of the client terminal according to the embodiment of the present invention.
- FIG. 3 is a block diagram showing an example of a configuration of the program execution control device according to the embodiment of the present invention.
- FIG. 4 is a block diagram showing an example of a function of the program execution control device according to the embodiment of the present invention.
- FIG. 5 is a flowchart showing an example of OS processing at the time of program execution.
- FIG. 6 is a flowchart showing an example of the processing of the program execution control device when executing the program.
- FIG. 1 is a block diagram showing an example of a configuration of a program execution control system according to an embodiment of the present invention.
- the program execution control system includes a server 1 and a client terminal 2 connected by a network 3.
- Server 1 and client terminal 2 transmit and receive data via network 3.
- In the present embodiment, a description will be given using a PC as the client terminal 2.
- FIG. 1 shows one client terminal 2 for simplicity, but a plurality of client terminals 2 are connected to the network 3.
- the server 1 and the client terminal 2 perform mutual authentication to confirm whether or not they are mutually reliable parties, and then communicate using an encrypted communication path between the server 1 and the client terminal 2.
- FIG. 2 is a block diagram showing an example of a configuration of a client terminal.
- the client terminal 2 comprises a CPU (Central Processing Unit) 11, a program execution control device 12, a main storage device 13, an I/O (Input/Output) 14, a secondary storage device 15, a display 16, a keyboard 17, and a network interface 18.
- the program execution controller 12, the main storage device 13, and the I/O 14 are connected to the CPU 11 via the system bus, and the secondary storage device 15, the display 16, the keyboard 17, and the network interface 18 are connected to the I/O 14.
- the CPU 11 executes the OS and programs.
- the program execution control device 12 performs decoding / determination of a program to be executed, and the like.
- the main storage device 13 is a storage device for operating the OS and various programs, and is configured by, for example, a memory.
- the secondary storage device 15 is a storage device for storing an OS, various programs, and the like executed on the client terminal 2, and is constituted by, for example, a hard disk drive.
- the display 16 performs display according to the instruction of the CPU 11.
- the keyboard 17 receives an input from a user and outputs the input to the CPU 11.
- the network interface 18 inputs and outputs programs and data to and from the server 1 connected via the network 3.
- FIG. 3 is a block diagram showing an example of a configuration of a program execution control device.
- the program execution control device 12 includes a CPU 21, a main storage device 22, an I / O 23, an external interface 24, and a secondary storage device 25.
- the main storage device 22 and the I/O 23 are connected to the CPU 21 via the system bus, and the external interface 24 and the secondary storage device 25 are connected to the I/O 23.
- the CPU 21 controls each unit in the program execution control device 12.
- the main storage device 22 is a storage device on which software for program execution control operates, and is composed of, for example, a memory.
- the external interface 24 is an interface for inputting and outputting data to and from the outside of the program execution controller 12, and is connected to the system bus of the client terminal 2.
- the secondary storage device 25 is a storage device for storing software to be executed by the program execution control device 12, and is composed of, for example, a nonvolatile memory.
- FIG. 4 is a block diagram showing an example of a function of the program execution control device.
- the functions of the program execution control device include an input/output interface 31, a decryption unit 32, a decryption key storage unit 33, an operation hash value calculation unit 34, a comparison unit 35, an expected hash table storage unit 36, an operation hash table storage unit 37, and a gate 38.
- the input/output interface 31, the decryption unit 32, the operation hash value calculation unit 34, the comparison unit 35, and the gate 38 are software stored in the secondary storage device 25; after being loaded into the main storage device 22, they are executed by the CPU 21.
- the decryption key storage unit 33, the expected hash table storage unit 36, and the operation hash table storage unit 37 are provided in the main storage device 22 or the secondary storage device 25, and respectively store the decryption key, the expected hash table, and the operation hash table.
- the input / output interface 31, the decryption unit 32, the operation hash value calculation unit 34, the comparison unit 35, and the gate 38 may be realized as hardware.
- the expected hash table is a list of specified programs that the server 1 is permitted to execute for the client terminal 2 and is composed of a set of a program ID of the specified program and an expected hash value.
- the program ID is a program-specific ID.
- server 1 applies a one-way function to a specified program and takes the calculated value as the expected hash value.
- the server 1 creates an entry in which the program ID of the specified program and the calculated expected hash value are paired.
- Server 1 creates the required number of entries for the specified program and creates the expected hash table.
- the server 1 sends the created expected hash table to the client terminal 2.
- the OS receives the expected hash table from the server 1 and outputs it to the program execution controller 12.
- the input/output interface 31 outputs the expected hash table input from the OS to the expected hash table storage unit 36, and the expected hash table storage unit 36 stores the expected hash table.
- the process of downloading the expected hash table in the client terminal 2 is performed.
- the server 1 generates an encrypted program by combining the program ID of the designated program to be transmitted to the client terminal 2 with the program and performing encryption.
- the server 1 sends the encrypted program to the client terminal 2.
- the OS receives the encrypted program from the server 1 and stores it in the secondary storage device 15 of the client terminal 2. As described above, the program download processing in the client terminal 2 is performed.
- FIG. 5 is a flowchart showing an example of OS processing at the time of program execution.
- FIG. 6 is a flowchart showing an example of processing of the program execution control device at the time of program execution.
- the user uses the keyboard 17 to instruct execution of a program.
- the OS takes out the encrypted program specified by the keyboard 17 from the secondary storage device 15 and outputs it to the program execution control device 12 (S 1).
- the encrypted program received from the server 1 may be directly output to the program execution control device 12 without being stored in the secondary storage device 15.
- the encrypted program from the OS is input to the input/output interface 31 (S11).
- the input/output interface 31 outputs the encrypted program to the decryption unit 32, and the decryption unit 32 decrypts the encrypted program using the decryption key of the decryption key storage unit 33, and generates the decrypted program and the program ID of the decrypted program (S12).
- the decryption key is obtained in advance from the outside such as the server 1 and stored in the decryption key storage unit 33.
- the decrypted program is output to the gate 38 and the operation hash value calculation unit 34, and the program ID of the decrypted program is output to the expected hash table storage unit 36 and the operation hash table storage unit 37.
- the operation hash value calculation unit 34 calculates a hash value by applying a one-way function to the decrypted program, and sets it as an operation hash value (S13).
- the operation hash value is output to the comparison unit 35 and the operation hash table storage unit 37.
- the comparing unit 35 obtains the expected hash value corresponding to the program ID of the decrypted program from the expected hash table storage unit 36 (S14), compares the expected hash value with the calculated hash value, and determines whether or not the expected hash value matches the calculated hash value (S15).
- if the expected hash value and the operation hash value match (S15, Y), the operation hash table storage unit 37 stores the program ID of the decrypted program and the operation hash value in an unused entry of the operation hash table, and outputs the entry number of the stored entry to the gate 38 (S16). The gate 38 combines the entry number and the decrypted program, outputs the combined program to the OS via the input/output interface 31 (S17), and ends this flow. On the other hand, if the expected hash value and the operation hash value do not match (S15, N), the gate 38 outputs an error to the OS via the input/output interface 31 (S18), and ends this flow.
- when the OS that output the encrypted program to the program execution controller 12 receives the entry number and the decrypted program from the program execution controller 12 (S2, Y), the OS performs acquisition, process allocation, acquisition of the process table, and setting of management information (S3), and stores the entry number in the process table (S4).
- the OS then executes the decrypted program (S5), and this flow ends. If the OS that output the encrypted program to the program execution controller 12 receives an error from the program execution controller 12 (S2, N), the flow ends without executing the program.
- the process of executing the program in the client terminal 2 is performed. By passing the program to the program execution controller before executing the program, the OS can execute only the specified program permitted to be executed by the server.
- the OS outputs the entry number corresponding to the currently executed decrypted program to the program execution controller 12 when ending the currently executed decrypted program, and deletes the entry in the arithmetic hash table. Ask. Next, the OS releases the process allocation memory and the process tape.
- the input / output interface 31 of the program execution controller 12 outputs the entry number input from OS to the operation hash table storage unit 37.
- the operation hash table storage unit 37 deletes the input entry number and marks it as “unused”. This is realized, for example, by zeroing the entry corresponding to the input entry number.
- In this way, the program execution termination processing in the client terminal 2 is performed. By performing this termination processing, the operation hash table storage unit 37 of the program execution control device 12 stores the entries holding the program ID and operation hash value of the decrypted programs that are currently being executed.
- The server 1 sends the client terminal 2 a request to acquire all or some of the entries in the operation hash table 37.
- On receiving the operation hash table acquisition request from the server 1, the OS outputs the operation hash table acquisition request to the program execution control device 12.
- The operation hash table storage unit 37 receives the operation hash table acquisition request via the input/output interface 31.
- the operation hash table storage unit 37 stores the operation hash According to the table acquisition request, the specified entry of the operation hash table is
- The OS sends the specified entry to the server 1.
- The server 1 that has received the entry can check the list of decrypted programs currently being executed on the client terminal 2. As described above, the program execution confirmation processing in the server 1 is performed.
- The server transmits the encrypted program obtained by encrypting the specified program, and the client terminal decrypts and executes the received encrypted program.
- The execution control device can also handle programs that are not encrypted. In that case, the decryption unit 32 and the decryption key storage unit 33 shown in FIG. 4 become unnecessary.
- The server 1 transmits the expected hash table and the encrypted program to the client terminal 2, but the expected hash table and the encrypted program may instead be input to the client terminal 2 from outside using a portable recording medium or the like.
Industrial applicability
- A client terminal can run only legitimate programs authenticated by a server, and permission and rejection of program execution are controlled by hardware instead of software. This guarantees a high security level. Furthermore, since the client terminal hardware safely holds a list of currently executing programs as an operation hash table, the server can reliably acquire the operation status of the programs on the client terminal.
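The three flows described above (admission at S15 to S18, entry deletion at program termination, and the server's read of the operation hash table) can be modelled in software. This is an added Python sketch, not code from the patent: SHA-256, the dictionary layout of the expected hash table, the class and method names, and the table-full error are assumptions, and decryption is omitted, as in the unencrypted variant the description allows.

```python
import hashlib
import hmac


class ExecutionController:
    """Software model of the program execution control device 12 (illustrative)."""

    def __init__(self, expected_hash_table, slots=4):
        # Expected hash table from the server: program ID -> hash (assumed layout).
        self.expected = dict(expected_hash_table)
        # Operation hash table: list index = entry number, None = "unused".
        self.operation = [None] * slots

    def admit(self, program_id, program):
        """S15-S18: compare hashes, then record the program or signal an error."""
        op_hash = hashlib.sha256(program).hexdigest()  # SHA-256 is an assumption
        expected = self.expected.get(program_id, "")
        if not hmac.compare_digest(op_hash, expected):
            raise PermissionError("hash mismatch")  # S18: error to the OS
        for entry_number, entry in enumerate(self.operation):
            if entry is None:  # S16: store in an unused entry
                self.operation[entry_number] = (program_id, op_hash)
                return entry_number, program  # S17: entry number + program
        raise RuntimeError("operation hash table full")  # case not on the page

    def release(self, entry_number):
        """Termination: mark the entry unused again."""
        self.operation[entry_number] = None

    def read_entries(self):
        """Server query: entries of programs that are currently executing."""
        return {n: e for n, e in enumerate(self.operation) if e is not None}


def demo():
    good = b"print('payroll v1')"  # constructed sample program
    tampered = good + b" # patched"  # constructed modified copy
    ctrl = ExecutionController({"payroll": hashlib.sha256(good).hexdigest()})
    process_table = {}  # OS side: pid -> entry number (S4)
    entry, _ = ctrl.admit("payroll", good)
    process_table[100] = entry
    try:
        ctrl.admit("payroll", tampered)
        rejected = False
    except PermissionError:
        rejected = True
    running = ctrl.read_entries()  # what the server would see now
    ctrl.release(process_table.pop(100))  # program ends, entry deleted
    return rejected, running, ctrl.read_entries()
```

The model makes one property of the design visible: the server's view is only as current as the OS's release calls, so an entry that is never released keeps reporting a program as running.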
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
Priority Applications (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
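JP2004558383A JP4226556B2 (ja) | 2002-12-12 | 2002-12-12 | Program execution control device, OS, client terminal, server, program execution control system, program execution control method, program execution control program |
PCT/JP2002/013006 WO2004053664A1 (ja) | 2002-12-12 | 2002-12-12 | Program execution control device, OS, client terminal, server, program execution control system, program execution control method, program execution control program |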
EP02790723A EP1574928A4 (en) | 2002-12-12 | 2002-12-12 | PROGRAM MANAGEMENT CONTROL DEVICE, OS, CLIENT DEVICE, SERVER; PROGRAMMING CONTROL SYSTEM, PROGRAMMING CONTROL METHOD AND PROGRAMMING CONTROL PROGRAM |
US11/024,986 US20060150246A1 (en) | 2002-12-12 | 2004-12-30 | Program execution control device, OS, client terminal, server, program execution control system, program execution control method and computer program execution control program |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/JP2002/013006 WO2004053664A1 (ja) | 2002-12-12 | 2002-12-12 | Program execution control device, OS, client terminal, server, program execution control system, program execution control method, program execution control program |
Related Child Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US11/024,986 Continuation US20060150246A1 (en) | 2002-12-12 | 2004-12-30 | Program execution control device, OS, client terminal, server, program execution control system, program execution control method and computer program execution control program |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2004053664A1 (ja) | 2004-06-24 |
Family
ID=32500624
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/JP2002/013006 WO2004053664A1 (ja) | 2002-12-12 | 2002-12-12 | Program execution control device, OS, client terminal, server, program execution control system, program execution control method, program execution control program |
Country Status (4)
Country | Link |
---|---|
US (1) | US20060150246A1 (ja) |
EP (1) | EP1574928A4 (ja) |
JP (1) | JP4226556B2 (ja) |
WO (1) | WO2004053664A1 (ja) |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2006185056A (ja) * | 2004-12-27 | 2006-07-13 | Toshiba Corp | Terminal equipment and terminal system used for electronic commerce |
JP2008005156A (ja) * | 2006-06-21 | 2008-01-10 | Matsushita Electric Ind Co Ltd | Information processing terminal and status notification method |
JP2009509373A (ja) * | 2005-09-16 | 2009-03-05 | ノキア コーポレイション | Simple, scalable and configurable secure boot for trusted mobile phones |
US8438385B2 (en) | 2008-03-13 | 2013-05-07 | Fujitsu Limited | Method and apparatus for identity verification |
JP2016538640A (ja) * | 2013-11-14 | 2016-12-08 | インカ・エントワークス・インコーポレイテッドInka Entworks, Inc. | Program protection device |
Families Citing this family (14)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20080214300A1 (en) * | 2000-12-07 | 2008-09-04 | Igt | Methods for electronic data security and program authentication |
US8083585B2 (en) | 2002-09-10 | 2011-12-27 | Igt | Apparatus and method for copying gaming machine configuration settings |
JP2005316890A (ja) * | 2004-04-30 | 2005-11-10 | Sony Corp | Program, computer, data processing method, communication system and method therefor |
US8156488B2 (en) * | 2004-10-20 | 2012-04-10 | Nokia Corporation | Terminal, method and computer program product for validating a software application |
US8666900B1 (en) * | 2005-03-30 | 2014-03-04 | Intuit Inc. | Secure product enablement over channels with narrow bandwidth |
EP2235657B1 (en) * | 2007-12-21 | 2014-11-26 | Motorola Mobility LLC | System and method for preventing unauthorised use of digital media |
WO2009109811A1 (en) * | 2008-03-07 | 2009-09-11 | Ashish Anand | Platform security model for networking solution platforms |
FR2933836B1 (fr) * | 2008-07-11 | 2010-09-17 | Expway | Method for triggering an operation in a mobile terminal |
US20100030874A1 (en) * | 2008-08-01 | 2010-02-04 | Louis Ormond | System and method for secure state notification for networked devices |
US8949991B2 (en) * | 2011-01-28 | 2015-02-03 | International Business Machines Corporation | Testing web services that are accessible via service oriented architecture (SOA) interceptors |
JP5885616B2 (ja) * | 2012-08-08 | 2016-03-15 | キヤノン株式会社 | Information processing apparatus, installation method, and program |
US9891966B2 (en) * | 2015-02-10 | 2018-02-13 | Red Hat, Inc. | Idempotent mode of executing commands triggered by complex event processing |
US10423468B2 (en) | 2015-02-10 | 2019-09-24 | Red Hat, Inc. | Complex event processing using pseudo-clock |
JP6829168B2 (ja) | 2017-09-04 | 2021-02-10 | 株式会社東芝 | Information processing apparatus, information processing method, and program |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JPH1139158A (ja) * | 1997-07-18 | 1999-02-12 | Nippon Telegr & Teleph Corp <Ntt> | Method and apparatus for protecting executable programs |
JP2001312402A (ja) * | 2000-04-28 | 2001-11-09 | Ntt Data Corp | Card system, IC card, and recording medium |
Family Cites Families (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CA1238427A (en) * | 1984-12-18 | 1988-06-21 | Jonathan Oseas | Code protection using cryptography |
US5421006A (en) * | 1992-05-07 | 1995-05-30 | Compaq Computer Corp. | Method and apparatus for assessing integrity of computer system software |
US5416840A (en) * | 1993-07-06 | 1995-05-16 | Phoenix Technologies, Ltd. | Software catalog encoding method and system |
JP3647907B2 (ja) * | 1994-09-09 | 2005-05-18 | 富士通株式会社 | Decompression system for encrypted software |
US5657445A (en) * | 1996-01-26 | 1997-08-12 | Dell Usa, L.P. | Apparatus and method for limiting access to mass storage devices in a computer system |
US5944821A (en) * | 1996-07-11 | 1999-08-31 | Compaq Computer Corporation | Secure software registration and integrity assessment in a computer system |
AU4674300A (en) * | 1999-05-25 | 2000-12-12 | Motorola, Inc. | Pre-verification of applications in mobile computing |
US7694139B2 (en) * | 2002-10-24 | 2010-04-06 | Symantec Corporation | Securing executable content using a trusted computing platform |
2002
- 2002-12-12 JP JP2004558383A patent/JP4226556B2/ja not_active Expired - Fee Related
- 2002-12-12 WO PCT/JP2002/013006 patent/WO2004053664A1/ja active Application Filing
- 2002-12-12 EP EP02790723A patent/EP1574928A4/en not_active Withdrawn
2004
- 2004-12-30 US US11/024,986 patent/US20060150246A1/en not_active Abandoned
Non-Patent Citations (1)
Title |
---|
See also references of EP1574928A4 * |
Also Published As
Publication number | Publication date |
---|---|
EP1574928A1 (en) | 2005-09-14 |
EP1574928A4 (en) | 2007-11-21 |
JP4226556B2 (ja) | 2009-02-18 |
US20060150246A1 (en) | 2006-07-06 |
JPWO2004053664A1 (ja) | 2006-04-13 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
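CN111213171B (zh) | Method and apparatus for secure offline payment | |
WO2004053664A1 (ja) | Program execution control device, OS, client terminal, server, program execution control system, program execution control method, program execution control program | |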
US9294279B2 (en) | User authentication system | |
US10430616B2 (en) | Systems and methods for secure processing with embedded cryptographic unit | |
US8560857B2 (en) | Information processing apparatus, a server apparatus, a method of an information processing apparatus, a method of a server apparatus, and an apparatus executable program | |
US8484449B2 (en) | Program, communication device, data processing method, and communication system | |
US9264426B2 (en) | System and method for authentication via a proximate device | |
TWI524275B (zh) | Storage device and method of operating a storage device | |
US7457960B2 (en) | Programmable processor supporting secure mode | |
US10361864B2 (en) | Enabling a secure OEM platform feature in a computing environment | |
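CN110688660B (zh) | Method and apparatus for secure boot of a terminal, and storage medium | |
JP2004213216A (ja) | Information security microcomputer, program development apparatus therefor, and program development system including them | |
CN111401901B (zh) | Authentication method and apparatus for a biometric payment device, computer device, and storage medium | |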
US7577849B2 (en) | Keyed-build system for controlling the distribution of software | |
WO2016192774A1 (en) | Electronic device and method in an electronic device | |
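KR20190128534A (ko) | Method of combining trusted execution environments for function extension and method of using FIDO U2F for business process support | |
CN117063174A (zh) | Security module and method for mutual trust between apps through app-based identity | |
CN114785845B (zh) | Session establishment method and apparatus, storage medium, and electronic device | |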
Urien | An OPENID Identity Service for Android, Based on USIM Secure Elements | |
US20220078026A1 (en) | Verifications of workload signatures |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | AK | Designated states | Kind code of ref document: A1 Designated state(s): JP US |
 | AL | Designated countries for regional patents | Kind code of ref document: A1 Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR IE IT LU MC NL PT SE SI SK TR |
 | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | |
 | WWE | Wipo information: entry into national phase | Ref document number: 2004558383 Country of ref document: JP |
 | WWE | Wipo information: entry into national phase | Ref document number: 2002790723 Country of ref document: EP |
 | WWE | Wipo information: entry into national phase | Ref document number: 11024986 Country of ref document: US |
 | WWP | Wipo information: published in national office | Ref document number: 2002790723 Country of ref document: EP |
 | WWP | Wipo information: published in national office | Ref document number: 11024986 Country of ref document: US |