| 发明名称 | Information processing apparatus | ||
| 摘要 | According to one embodiment, a first processor of an information processing apparatus switches between a secure mode and a non-secure mode and reports its mode. When the first processor is in the secure mode, a second processor accesses to a protected area of a storage module. A boot program for the first processor and a program which activates the first processor in the non-secure mode are verified. Furthermore, a program which activates the first processor in the secure mode is encrypted, and its decryption key is stored in the protected area of the storage module. | ||
| 申请公布号 | US8984302(B2) | 申请公布日期 | 2015.03.17 |
| 申请号 | US201314014963 | 申请日期 | 2013.08.30 |
| 申请人 | Kabushiki Kaisha Toshiba | 发明人 | Isozaki Hiroshi;Hirota Atsushi |
| 分类号 | G06F12/04;G06F12/14;G06F21/70 | 主分类号 | G06F12/04 |
| 代理机构 | Knobbe, Martens, Olson & Bear LLP | 代理人 | Knobbe, Martens, Olson & Bear LLP |
| 主权项 | 1. An information processing apparatus comprising: a first processor configured to selectively switch between a secure mode and a non-secure mode, to perform data processing in each mode, and to report state information indicative of the mode of the first processor; a storage module comprising a protected area and a user area; a second processor configured to access the storage module based on a request from the first processor; a key managing module configured to manage a first key in order to restrict access to the protected area of the storage module; an authenticating module configured to permit access to the protected area only when an authentication performed using the first key is successful; and a program storage module configured to store a secure monitor and a boot loader, wherein the boot loader is configured to activate the secure monitor, and the secure monitor is configured to switch between the secure mode and the non-secure mode and to activate an operating system for causing the first processor to operate in the secure mode; and wherein the second processor comprises: a first access determining module configured to permit a first data accessing module to access the storage module when the first processor is in the secure mode, wherein the first data accessing module is configured to receive data for authentication from the storage module and to transmit the data for authentication to the first processor, based on a request from the first processor, and a second data accessing module configured to access the user area of the storage module based on a request from the first processor, and wherein the operating system is encrypted; andwherein a decryption key for the encrypted operating system is stored in the protected area of the storage module. | ||
| 地址 | Tokyo JP | ||