Storage device deleting encryption key, method of operating the same, and method of operating electronic device including the same
US-2024086336-A1 · Mar 14, 2024 · US
Information processing apparatus and program execution method
US9286242B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-9286242-B2 |
| Application number | US-201414198003-A |
| Country | US |
| Kind code | B2 |
| Filing date | Mar 5, 2014 |
| Priority date | Sep 17, 2013 |
| Publication date | Mar 15, 2016 |
| Grant date | Mar 15, 2016 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
According to one embodiment, an information processing apparatus includes a processor, a main memory, and a memory controller. The memory controller executes an access restriction for each memory region. A first program decodes a protected program which was encrypted in a secure mode. The first program places the protected program which was decoded in a memory region. A second program executes the protected program in a secure mode. The processor places a code region and a protected data region in the protected program which was decoded in a memory region having an access restriction by using the first program. When an access to the protected data region is confirmed, the processor confirms by using the second program that the access is caused by a command from the code region placed by the first program, and then, executes the command.
First claim
Opening claim text (preview).
What is claimed is: 1. An information processing apparatus comprising: a processor that operates by switching between two or more security modes, the security modes including a secure mode and a non-secure mode, the non-secure mode having a security level lower than the secure mode; a main memory to which the processor accesses, the main memory including a first memory region and a second memory region; and a memory controller that controls the main memory, the memory controller inhibiting data writing to the first memory region and the second memory region and data reading from the first memory region in the non-secure mode, and permitting data reading from the second memory region in the non-secure mode, the processor places a first program and a second program in the first memory region, in the secure mode, the processor executes the first program to decode a protected program which was encrypted and to place a code region and a protected data region in the second memory region and the first memory region, respectively, the protected program including the code region and the protected data region, in the secure mode, the processor executes the second program to execute the protected program, and when the processor executes a program to access the protected data region is in the non-secure mode, the processor executes the second program to confirm an access to the protected data region is caused by a command from the code region placed in the second memory region, and wherein the processor executes an error process, when the processor executes a program to access the protected data region in the non-secure mode by a command from a region other than the code region placed in the second memory region. 2. The information processing apparatus according to claim 1 , wherein the processor executes a boot program to place the first program and the second program in the first memory region. 3. The information processing apparatus according to claim 1 , wherein the main memory includes a third memory region, the memory controller permitting data writing to the third memory region and data reading from the third memory region in the non-secure mode, and the processor executes the first program to place the protected program having encrypted in the third memory region. 4. The information processing apparatus according to claim 3 , wherein the processor places memory section information having encrypted in the third memory region, and the processor executes the first program to decode the memory section information and to place the code region and the protected data region according to the memory section information having decoded. 5. The information processing apparatus according to claim 1 , wherein the processor executes a boot program to place a key in the first memory, the key being used for decoding the protected program. 6. The information processing apparatus according to claim 1 , further comprising: a storage device to which the processor accesses, the storage device including a secure region, data reading from the secure region being inhibited in the non-secure mode, wherein the storage device holds the first program and the second program in the secure region. 7. The information processing apparatus according to claim 1 , further comprising: a storage device to which the processor accesses, the storage device including a non-secure region, data reading from the non-secure region being permitted in the non-secure mode, wherein the storage device holds the protected program having encrypted in the non-secure region. 8. The information processing apparatus according to claim 1 , further comprising: a storage device to which the processor accesses, the storage device including a non-secure region, data reading from the non-secure region being permitted in the non-secure mode, wherein the storage device holds the memory section information having encrypted in the non-secure region, and the processor executes the first program to decode the memory section information and to place the code region and the protected data region according to the memory section information having decoded. 9. A program execution method comprising: operating by switching between two or more security modes, the security modes including a secure mode and a non-secure mode, the non-secure mode having a security level lower than the secure mode; executing a access restriction to a first memory region and a second memory region a main memory to which the processor accesses, the access restriction including inhibiting data writing to the first memory region and the second memory region and data reading from the first memory region in the non-secure mode, and permitting data reading from the second memory region in the non-secure mode, placing a first program and a second program in the first memory region, executing the first program in the secure mode to decode a protected program which was encrypted and to place a code region and a protected data region in the second memory region and the first memory region, respectively, the protected program including the code region and the protected data region; and executing the second program in the secure mode, wherein when a is executed in the non-secure mode to access the protected data region is in the non-secure mode, the second program is executed to confirm an access to the protected data region is caused by a command from the code region placed in the second memory region, and wherein an error process is executed, when a program is executed in the non-secure mode to access the protected data region by a command from a region other than the code region placed in the second memory region. 10. The program execution method according to claim 9 , further comprising: executing a boot program to place the first program and the second program in the first memory region. 11. The program execution method according to claim 9 , further comprising: executing the first program to place the protected program having encrypted in a third memory region, data writing to the third memory region and data reading from the third memory region being permitted in the non-secure mode. 12. The program execution method according to claim 11 , further comprising: placing memory section information having encrypted in the third memory region; executing the first program to decode the memory section information; and placing the code region and the protected data region according to the memory section information having decoded. 13. The program execution method according to claim 9 , further comprising: executing a boot program to place a key in the first memory, the key being used for decoding the protected program.
Assignees
Inventors
Classifications
- G06F12/1408Primary
by using cryptography (for digital transmission H04L9/00) · CPC title
in a hierarchical protection system, e.g. privilege levels, memory rings · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US9286242B2 cover?
- According to one embodiment, an information processing apparatus includes a processor, a main memory, and a memory controller. The memory controller executes an access restriction for each memory region. A first program decodes a protected program which was encrypted in a secure mode. The first program places the protected program which was decoded in a memory region. A second program executes …
- Who is the assignee on this patent?
- Toshiba Kk
- What technology area does this patent fall under?
- Primary CPC classification G06F12/1408. Mapped technology areas include Physics.
- When was this patent published?
- Publication date Tue Mar 15 2016 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).