1. WO2020107104 - PERSONALIZED AND CRYPTOGRAPHICALLY SECURE ACCESS CONTROL IN OPERATING SYSTEMS

Publication Number WO/2020/107104
Publication Date 04.06.2020
International Application No. PCT/CA2019/051687
International Filing Date 26.11.2019
IPC
G06F 21/00 2013.01
G PHYSICS
06 COMPUTING; CALCULATING OR COUNTING
F ELECTRIC DIGITAL DATA PROCESSING
21 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
G06F 21/51 2013.01
G PHYSICS
06 COMPUTING; CALCULATING OR COUNTING
F ELECTRIC DIGITAL DATA PROCESSING
21 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
51 at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
G06F 21/74 2013.01
G PHYSICS
06 COMPUTING; CALCULATING OR COUNTING
F ELECTRIC DIGITAL DATA PROCESSING
21 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
71 to assure secure computing or processing of information
74 operating in dual or compartmented mode, i.e. at least one secure mode
G06F 9/445 2018.01
G PHYSICS
06 COMPUTING; CALCULATING OR COUNTING
F ELECTRIC DIGITAL DATA PROCESSING
9 Arrangements for program control, e.g. control units
06 using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
44 Arrangements for executing specific programs
445 Program loading or initiating
CPC
G06F 21/44
G PHYSICS
06 COMPUTING; CALCULATING; COUNTING
F ELECTRIC DIGITAL DATA PROCESSING
21 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
30 Authentication, i.e. establishing the identity or authorisation of security principals
44 Program or device authentication
G06F 21/6218
G PHYSICS
06 COMPUTING; CALCULATING; COUNTING
F ELECTRIC DIGITAL DATA PROCESSING
21 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
60 Protecting data
62 Protecting access to data via a platform, e.g. using keys or access control rules
6218 to a system of files or objects, e.g. local or distributed file system or database
G06F 21/74
G PHYSICS
06 COMPUTING; CALCULATING; COUNTING
F ELECTRIC DIGITAL DATA PROCESSING
21 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
71 to assure secure computing or processing of information
74 operating in dual or compartmented mode, i.e. at least one secure mode
H04L 9/3236
H ELECTRICITY
04 ELECTRIC COMMUNICATION TECHNIQUE
L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
9 Cryptographic mechanisms or cryptographic; arrangements for secret or secure communication
32 including means for verifying the identity or authority of a user of the system; or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
3236 using cryptographic hash functions
Applicants
  • BICDROID INC. [CA]/[CA]
Inventors
  • YU, Xiang
  • MENG, Jin
  • YANG, En-Hui
Agents
  • BERESKIN & PARR LLP/S.E.N.C.R.L., S.R.L.
Priority Data
62/773,524 30.11.2018 US
Publication Language English (EN)
Filing Language English (EN)
Designated States
Title
(EN) PERSONALIZED AND CRYPTOGRAPHICALLY SECURE ACCESS CONTROL IN OPERATING SYSTEMS
(FR) CONTRÔLE D'ACCÈS PERSONNALISÉ ET SÉCURISÉ DE MANIÈRE CRYPTOGRAPHIQUE DANS DES SYSTÈMES D'EXPLOITATION
Abstract
(EN)
An access control system includes a processor configured to provide a trusted execution environment isolated from a rich execution environment. A rich OS operates in the rich execution environment while a trusted OS operates in the trusted execution environment. A plurality of protected data files are stored in non-volatile memory. When a process requests access to a protected data file, the computer system can permit the requesting process to access the requested data file only if a validated application token is present that corresponds to the requesting process. An application token is generated for the associated application by: detecting initiation of a first process associated with the associated application; determining that a valid user code is available within the trusted execution environment; and generating the application token using the valid user code upon determining that the valid user code is available within the trusted execution environment.
(FR)
Cette invention concerne un système de contrôle d'accès qui comprend un processeur configuré pour fournir un environnement d'exécution de confiance isolé d'un environnement d'exécution riche. Un système d'exploitation (SE) riche fonctionne dans l'environnement d'exécution riche tandis qu'un système d'exploitation de confiance fonctionne dans l'environnement d'exécution de confiance. Une pluralité de fichiers de données protégés sont stockés dans une mémoire non volatile. Lorsqu'un processus demande l'accès à un fichier de données protégé, le système informatique peut permettre au processus demandeur d'accéder au fichier de données demandé uniquement si un jeton d'application validé est présent qui correspond au processus demandeur. Un jeton d'application est généré pour l'application associée selon les étapes consistant à : détecter l'initiation d'un premier processus associé à l'application associée ; déterminer qu'un code utilisateur valide est disponible dans l'environnement d'exécution de confiance ; et générer le jeton d'application à l'aide du code utilisateur valide lorsqu'il est déterminé que le code utilisateur valide est disponible dans l'environnement d'exécution de confiance.