US 12,223,096 B2
Access control apparatus, access control method, and program
Akiyuki Hatakeyama, Kanagawa (JP)
Assigned to SONY INTERACTIVE ENTERTAINMENT INC., Tokyo (JP)
Appl. No. 17/623,970
Filed by SONY INTERACTIVE ENTERTAINMENT INC., Tokyo (JP)
PCT Filed Jul. 21, 2020, PCT No. PCT/JP2020/028298
§ 371(c)(1), (2) Date Dec. 30, 2021,
PCT Pub. No. WO2021/015204, PCT Pub. Date Jan. 28, 2021.
Claims priority of application No. 2019-135539 (JP), filed on Jul. 23, 2019.
Prior Publication US 2022/0261505 A1, Aug. 18, 2022
Int. Cl. G06F 21/64 (2013.01); H04L 9/08 (2006.01)
CPC G06F 21/64 (2013.01) [H04L 9/0861 (2013.01)] 12 Claims
OG exemplary drawing
 
1. An access control apparatus that stores target data to which access is requested, the access control apparatus comprising:
a memory to store the target data; and
processing circuitry configured to
verify digest value data by comparing a generated digest value data with a decrypted digest value data,
in a case that the digest value data is verified, generate an individual key specific to the access control apparatus,
generate an individual key specific to the access control apparatus, wherein the individual key is newly generated each time the access control apparatus is started,
securely store the individual key in a secure module, wherein the individual key is not accessible by the processing circuitry,
calculate, by using the individual key, an integrity check value based on the verified digest value data,
generate integrity check value data indicating the calculated integrity check value, the integrity check value data being specific to the access control apparatus, wherein the integrity check value data is generated based on a message authentication code algorithm using a block cipher, wherein the integrity check value data is a truncated cipher-based message authentication code (CMAC) that is smaller in data size than the verified digest value data,
store the integrity check value data in a kernel memory,
read out, from the kernel memory, a part of the integrity check value data corresponding to a block that is part of the target data and issue, to the secure module, an access request for the block,
in response to the access request being approved by the secure module, read out the block to which access was requested and calculate the integrity check value based on the block that is read out by using the individual key,
compare the integrity check value indicated by the part of the integrity check value data corresponding to the block with the calculated integrity check value, and
write the block to the memory in a case where the comparison succeeds.